DTLS (UDP) support

I'll absolutely consider reviewing a branch which implements DTLS. It will probably be a long time before I actually do it myself, though.

I have a project at the moment which would benefit hugely from DTLS...

From what I understand the addition of DTLS was the addition of DTLSv1_METHOD and a new constant to identify the new method from the python end, so I thought I'd get my hands dirty and have attached a diff with the changes to include DTLSv1_METHOD.

Dale

Hey Dale,

Thanks for jumping in. :) I don't really know anything about DTLS. If you could expand your patch in a couple ways, so as to help me understand what's going on, then I'll be more likely to apply the changes to trunk soon. :) Here are a few things:

  - Add a section to the docs that talks about DTLSv1_METHOD - what it does, why you'd want to use it.
  - Add a unit test or two which uses it (as a bonus, this doubles as a usage example)

Alternatively, just explaining what the general idea here is in a comment on this ticket would also be quite helpful, or providing a link to some existing OpenSSL documentation about DTLS (which I've had trouble finding).

Thanks again!

Where can we find the patch? I don't mind working on the documentation and test case.

It looks like Dale deleted it. Unfortunately I don't have a copy. I'm not sure why Dale deleted it. Maybe he'll read this comment and explain.

Hi again

I spent quite a bit of time earlier this year trying to get DTLS to work but as it turned out DTLS was broken in openssl anyhow - so I pulled the patch as it was untestable. Fortunately with openssl1.0.0a DTLS appears to be working - and the diff for the changes is attached. I've also included a minimalist client/server sample.

Hope this is of use

Dale

I've confirmed that Dale's patch works with pyopenssl-0.10 and openssl-0.9.8k-7ubuntu8.5. I was not wrapping a UDP socket, but used memory BIO connections instead. I also had to implement the set_mtu() function so that I could use larger datagrams and avoid the auto MTU detection. My modified patch is attached.

Thanks for your work on this. The patch looks like a good start. To support memory BIO connections correctly, I think you also need to expose DTLSv1_get_timeout (not even remotely the same as SSL_get_timeout, and not named correctly according to the SSL naming convention, I would say). Otherwise you won't know when to do handshake retransmits.

There also need to be some unit tests to demonstrate the functionality works! :) Thanks again for your interest in this area of pyOpenSSL.

is there any news on this?

there seems to be another implementation effort to get dtls functionality into python.
https://github.com/rbit/pydtls

Unfortunately only for python2.7,
what do you think,
is it going to be easier to use native openSSL with python3 or port pyDTLS to python3?

pydtls is an unrelated project. Please take discussion related to it to a forum related to it.