Hi Wes,
> The biggest issue comes from needing to deal with multiple clients
> trying to talk through the same UDP port, which isn't handled by at
> least the 0.9.8i code.
Using multiple connections with one socket is still not implemented as
the OpenSSL architecture and API does not support this. To be able to
choose which connection within a socket you want to send to or receive
from, major changes would be necessary, starting from SSL_read,
SSL_write, etc. and ending with the relation between BIO and SSL
objects.
As a workaround you can use connected UDP sockets. Just use accept()
and connect() as you would with TCP connections and create new BIO and
SSL objects for every connection. I have tested that and it works
pretty well so far.
> I'd love feedback on some of my conclusions. I'm not in any way an
> OpenSSL expert and dove further into the code this time than I have in
> the past. But I'm not swimming in the deep end yet.
> The write up is written on the Net-SNMP wiki, since that's what I was
> working on it for. It's written fairly generically so you don't need to
> understand SNMP (and people who know SNMP don't need to know a huge
> amount about OpenSSL). I.e., there is a fair amount of introductory
> text.
> http://www.net-snmp.org/wiki/index.php/DTLS_Implementation_Notes
To avoid getting into trouble with already fixed bugs you should apply
the patches I sent to the dev list. I'll set up a website with a patch
collection and some instructions soon.
Regards,
Robin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
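
The connected-UDP-socket workaround described in the reply above, reduced to the socket layer, as an added example that is not part of the original message or of OpenSSL. `bound_udp`, `udp_accept` and `demo_demux` are hypothetical names, the two clients are constructed loopback sockets, and the code assumes Linux behaviour, where a connect()ed UDP socket takes precedence over an unconnected one bound to the same port.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
/* UDP socket on 127.0.0.1:port (0 = any free port), SO_REUSEADDR, 1 s receive timeout. */
static int bound_udp(unsigned short port, struct sockaddr_in *out) {
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct timeval tv = {1, 0};
    socklen_t len = sizeof *out;
    struct sockaddr_in a = {.sin_family = AF_INET, .sin_port = htons(port),
                            .sin_addr.s_addr = htonl(INADDR_LOOPBACK)};
    if (fd < 0 || setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) < 0 ||
        setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0 ||
        bind(fd, (void *)&a, sizeof a) < 0 || getsockname(fd, (void *)out, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical UDP "accept": consume a new peer's first datagram on the shared listener and
 * return a socket on the same port connect()ed to that peer (one BIO/SSL pair per such fd). */
static int udp_accept(int listener, const struct sockaddr_in *local) {
    struct sockaddr_in peer, tmp;
    socklen_t plen = sizeof peer;
    char first[1500]; /* a DTLS server would hand this datagram to the new connection */
    if (recvfrom(listener, first, sizeof first, 0, (void *)&peer, &plen) < 0) return -1;
    int fd = bound_udp(ntohs(local->sin_port), &tmp);
    if (fd >= 0 && connect(fd, (void *)&peer, plen) < 0) { close(fd); fd = -1; }
    return fd;
}

/* Two constructed loopback clients share one server port. Returns 1 when each
 * per-peer socket receives only its own client's datagram, 0 otherwise. */
int demo_demux(void) {
    struct sockaddr_in srv, a1, a2;
    char b1[8] = {0}, b2[8] = {0};
    int ls = bound_udp(0, &srv), c1 = bound_udp(0, &a1), c2 = bound_udp(0, &a2);
    sendto(c1, "hello1", 6, 0, (void *)&srv, sizeof srv);
    int s1 = udp_accept(ls, &srv);
    sendto(c2, "hello2", 6, 0, (void *)&srv, sizeof srv);
    int s2 = udp_accept(ls, &srv);
    sendto(c2, "two", 3, 0, (void *)&srv, sizeof srv); /* sent first on purpose */
    sendto(c1, "one", 3, 0, (void *)&srv, sizeof srv);
    int ok = recv(s1, b1, sizeof b1, 0) == 3 && recv(s2, b2, sizeof b2, 0) == 3 &&
             memcmp(b1, "one", 3) == 0 && memcmp(b2, "two", 3) == 0;
    close(ls); close(c1); close(c2); close(s1); close(s2);
    return ok;
}
```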