[erlang-questions] DTLS UDP socket reuse / SSL passive API?
Vance Shipley
vances@REDACTED
Wed Jan 3 13:44:33 CET 2018
On Wed, Jan 3, 2018 at 2:39 PM, Andreas Schultz
<andreas.schultz@REDACTED> wrote:
> I do have a use case that is even more complicated than simply upgrading UDP
> to DTLS.
> CAPWAP is running unencrypted and DTLS traffic on the same socket. It
> distinguishes between the traffic with a small header in front of the
> payload packet. I therefore need a demultiplexer on the UDP socket that
> removes the header and passes the encrypted payload to the DTLS stack.
I think you're in luck.
> There is a somewhat similar problem when doing EAP-TLS over RADIUS or
> DIAMETER. The TLS traffic is encapsulated within RADIUS/DIAMETER requests
> and needs to be passed into the TLS stack and the replies need to be
> encapsulated with RADIUS/DIAMETER.
SigScale has a pure Erlang implementation of EAP-TTLS over RADIUS
using the SSL app in OTP in our open source Online Charging System
(OCS): https://github.com/sigscale/ocs
> The current socket abstraction in the SSL app is not prepared to handle this
> and would need invasive changes.
The existence of the API is hidden in this one sentence of the User Guide:
http://erlang.org/doc/apps/ssl/ssl_protocol.html
"By default SSL/TLS is run over the TCP/IP protocol even though you
can plug in any other reliable transport protocol with the same
Application Programming Interface (API) as the gen_tcp module in
Kernel."
Here is our SSL transport callback module:
https://github.com/sigscale/ocs/blob/master/src/ocs_eap_tls_transport.erl
--
-Vance
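The demultiplexer described in the quoted CAPWAP use case, as an added Erlang example (not code from this thread, from SigScale's OCS, or from any CAPWAP implementation): it classifies each datagram read from the shared UDP socket by the one-byte CAPWAP preamble, strips the 4-byte CAPWAP DTLS header from DTLS traffic so that only the bare DTLS record is handed to the DTLS stack, and re-adds that header on the way out. The header layout (preamble = 4-bit version 0 plus 4-bit type, type 0 = CAPWAP header follows, type 1 = 4-byte DTLS header follows, HLEN in 4-byte words) is taken from RFC 5415; the module name, function names, error tuples, the 13-byte minimum-record check and the constructed inputs in `self_test/0` are assumptions of this example.

```erlang
%% capwap_demux.erl -- added example, not from the original thread or any
%% project. Splits datagrams from one CAPWAP UDP socket into plaintext
%% CAPWAP frames and DTLS records. Layout per RFC 5415 section 4: the
%% first byte is the preamble (Version:4 = 0, Type:4). Type 0 means the
%% CAPWAP transport header follows; Type 1 means a 4-byte CAPWAP DTLS
%% header (preamble + 24 reserved bits) precedes a DTLS record.
-module(capwap_demux).
-export([demux/1, encap_dtls/1, self_test/0]).

-define(CAPWAP_VERSION, 0).
-define(TYPE_PLAIN, 0).
-define(TYPE_DTLS, 1).

%% Classify one datagram. The DTLS branch strips the 4-byte header and
%% returns only the DTLS record; the plaintext branch returns the whole
%% datagram so the CAPWAP layer can parse the transport header itself.
-spec demux(binary()) -> {dtls, binary()} | {plain, binary()} | {error, term()}.
demux(<<?CAPWAP_VERSION:4, ?TYPE_DTLS:4, _Reserved:24, Record/binary>>)
  when byte_size(Record) >= 13 ->
    %% 13 bytes is the fixed DTLS record header; anything shorter cannot
    %% be a record, so it is dropped here instead of reaching the DTLS stack.
    {dtls, Record};
demux(<<?CAPWAP_VERSION:4, ?TYPE_DTLS:4, _/binary>> = Pkt) ->
    {error, {bad_dtls_header, Pkt}};
demux(<<?CAPWAP_VERSION:4, ?TYPE_PLAIN:4, HLen:5, _/bitstring>> = Pkt)
  when HLen >= 2, byte_size(Pkt) >= HLen * 4 ->
    %% HLEN counts the transport header (preamble included) in 4-byte
    %% words; the fixed header is 8 bytes, so HLEN must be at least 2 and
    %% the datagram must be long enough to hold the header it announces.
    {plain, Pkt};
demux(<<?CAPWAP_VERSION:4, ?TYPE_PLAIN:4, _/binary>> = Pkt) ->
    {error, {bad_capwap_header, Pkt}};
demux(<<?CAPWAP_VERSION:4, Type:4, _/binary>>) ->
    {error, {unknown_type, Type}};
demux(<<Version:4, _:4, _/binary>>) when Version =/= ?CAPWAP_VERSION ->
    {error, {unsupported_version, Version}};
demux(Pkt) ->
    {error, {malformed, Pkt}}.

%% Reverse direction: wrap a DTLS record produced by the DTLS stack before
%% it is written to the shared UDP socket.
-spec encap_dtls(binary()) -> binary().
encap_dtls(Record) ->
    <<?CAPWAP_VERSION:4, ?TYPE_DTLS:4, 0:24, Record/binary>>.

%% Self-check on constructed datagrams (not captured traffic).
-spec self_test() -> ok.
self_test() ->
    %% DTLS 1.2 record header: type 22, version 0xFEFD, epoch 0,
    %% sequence 0, length 0 (13 bytes).
    Record = <<22, 16#FE, 16#FD, 0:16, 0:48, 0:16>>,
    {dtls, Record} = demux(encap_dtls(Record)),
    %% Plaintext CAPWAP frame: 8-byte header with HLEN = 2, WBID = 1.
    Plain = <<0, 2:5, 0:5, 1:5, 0:9, 0:16, 0:16, "payload">>,
    {plain, Plain} = demux(Plain),
    %% Truncated DTLS payload, HLEN that overruns the datagram, unknown
    %% type, wrong version and an empty datagram are all rejected.
    {error, {bad_dtls_header, _}} = demux(<<0:4, 1:4, 0:24, 1, 2, 3>>),
    {error, {bad_capwap_header, _}} = demux(<<0, 4:5, 0:27>>),
    {error, {unknown_type, 2}} = demux(<<0:4, 2:4, 0:56>>),
    {error, {unsupported_version, 3}} = demux(<<3:4, 0:4, 0:56>>),
    {error, {malformed, <<>>}} = demux(<<>>),
    ok.
```

Compile with `erlc capwap_demux.erl` and run `capwap_demux:self_test()` in a shell. In the arrangement the thread is discussing, the process that owns the `gen_udp` socket calls `demux/1` on every `{udp, Socket, IP, Port, Pkt}` it receives: `{plain, Frame}` goes to the CAPWAP control or data handler untouched, and `{dtls, Record}` is delivered to the DTLS connection as the data message named by the `{cb_info, {Module, DataTag, ClosedTag, ErrTag}}` option of the SSL app, i.e. through the same gen_tcp-shaped callback module the quoted User Guide sentence refers to. `encap_dtls/1` is what that callback module's `send/2` applies before calling `gen_udp:send/4`. Rejecting short or oversized headers in the demultiplexer is an assumption of this example; it keeps malformed datagrams from being fed to the DTLS stack or the CAPWAP parser at all.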