[erlang-questions] DTLS Status and examples?
Wed May 7 20:38:23 CEST 2014
2014-05-07 18:38 GMT+02:00 Andreas Schultz <aschultz@REDACTED>:
> > DTLS is not yet runnable, as there is not yet a red thread through the
> > dtls_connection.erl is the most incomplete module. It is the module that
> > implements
> > the finite state machine of the DTLS handshake, it correspondes to
> > tls_connection.erl. In general tls_* implements TLS specific parts and
> > dtls_* DTLS specific parts and ssl_* common parts.
> Looking at dtls_connection.erl, it seems to me that it replicates to much
> from tls_connection.erl.
Did not say anything of it being finished. You should see it more as
sketch. I have been refactoring in a lot in small steps, making sure that
TLS is not is broken. And I do expect that there will be more refactoring.
At the pure TLS FSM level, DTLS and TLS are almost identical. The only real
> here is the HELLO VERIFY request.
Well tls_connection and ssl_connection does not implement a pure
handshake-FSMs, it also handles the user data, record- and alert protocols.
> To me it looks like the current dtls_* modules duplicate lots of the SSL
> record level
> FSM functions, when they IMHO should only abstract the differences in the
> level mapping.
I am sure there is still room for improvement, for our design two things
are important. The connection process for TLS and DTLS shall be separate
behaviour implementations so that a bug in one will not affect the other.
We want to leave room for API functions that may be DTLS and/or TLS
specific, and also we want to reuse as much as possible of the original
SSL/TLS code. I have also tried to use a much as possible of your
contributed code. And yes there are some design decisions left to make and
some code that is there now that may be disregarded.
> You could always do a test suite for DTLS that corresponds to
> > ssl_to_openssl_SUITE.erl in the test directory. Once you have a test
> > it is easier to try to fill in the gaps in dtls_* .
> The pure connection oriented test can be converted with very little
Yes sure they can, but it is still work that needs to be done and does not
take zero time. It is just a start, but you need to start somewhere and
once dtls_connection is more close to connection process implementation
you can start a test driven approach of making it work.
> that manually open a TCP connection are a bit harder. The real challenge
> will be to
> come up with exhaustive testes for packet loss, reordering and duplication.
Good testing is always a challenge ;)
Regards Ingela Erlang/OTP team - Ericsson AB
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions