On Sun, Jul 5, 2026 at 12:05 PM Gianfrancesco Aurecchia < [email protected]> wrote:
> > > Il giorno ven 3 lug 2026 alle ore 23:51 Jakub Zelenka <[email protected]> ha > scritto: > >> >> Just a little follow up on this. I spoke with Arnaud, who is working on >> IO hooks, and he got actually a better idea that we could allow using user >> stream wrapper as an underlaying stream which would cover this much better. >> So it could be used like this: >> >> $transport = fopen("my-dtls-transport://..."); >> stream_socket_enable_crypto($transport, true, >> STREAM_CRYPTO_METHOD_DTLS_CLIENT); >> fwrite($transport, "some data"); >> >> It means that for your use case, we will probably >> need stream_socket_enable_crypto. This will still need a custom BIO and >> might not be completely straight forward so not something to look now. Just >> keep that in mind. >> >> > Thanks to you and Arnaud, nice idea. Using a user stream wrapper as the > underlying transport and running DTLS on top of it via > 'stream_socket_enable_crypto' (through a custom BIO) covers the case more > flexibly, leaving the application in control of the transport. > > If I understand correctly: the app implements its own stream wrapper, then > 'stream_socket_enable_crypto($transport, true, > STREAM_CRYPTO_METHOD_DTLS_CLIENT)' enables DTLS on top, with a custom BIO > that reads/writes through the underlying stream (instead of the datagram > BIO on the socket). Is that right? > > Yeah that's the idea but it might be not be that easy because the current design (not in your PR but in TCP but we want to use the same kind of logic for both) is to re-use the underlying stream ops (TCP for TLS and UDP for DTLS) so we might need to generalise it a bit so it can be re-used with user stream wrapper instead. As we want to do that for both, it would be better to integrate the same kind of logic to dtls and then look into that redesign. We might end up with just different paths depending on stream wrapper that is being enabled but it would be still nice to have it done in a clean way. Kind regards, Jakub
