> Couple of quick questions about this patch. Do we really need to
> reimplement this for DTLS? Isn't there some way DTLS could share the TLS
> extension code? I'd imagine that some existing TLS extensions such as
> servername or session tickets might be useful for DTLS as well as the EC
> curve ones.

Basically using the same code makes sense. However, at the moment that
would require lots of checks because the renegotiation extension is the
only one that is tested. Since I'm not familiar with the other TLS
extensions, I'd need far more time to implement them for DTLS as well.
Unfortunately it's not always enough to enable the extensions in the
Hellos. That's why I took the shortcut by implementing it separately.

> I also notice we have s->version checks in several places including the
> standard version and the DTLS_BAD_VER. I'm wondering if checking the
> method would be simpler once it has been assigned e.g.
> ssl->method->version == DTLS1_VERSION

That is true. To make things easier we could also define a macro like

    #define IS_DTLS(s) \
        (SSL_version((s)) == DTLS1_VERSION || SSL_version((s)) == DTLS1_BAD_VER)

Regards,
Robin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
