DTLS without sockets (or at least an unconnected socket)

On 14/04/15 19:45, Florian Weimer wrote:
> Is it possible to use DTLS with some sort of non-socket BIO?
> 
> Basically, I have datagrams which I know belong to a specific DTLS
> session, and I want to feed them to OpenSSL and get back further
> datagrams to send out in response.  (This is similar to what SSLEngine
> does in OpenJDK, except there it's for plain TLS.)

DTLS currently supports UDP and SCTP for the underlying BIO. In theory
you could implement your own BIO to do whatever you want but it would
have to support the BIO ctrls that DTLS uses - see
crypto/bio/bss_dgram.c (in particular the dgram_ctrl and dgram_sctp_ctrl
functions).

> 
> An example of how to establish a DTLS session with multiple peers over an
> unconnected socket would help, too.
> 

To do that you need to use DTLSv1_listen(). I recently wrote a man page
for this function, but it hasn't hit the repo yet. Attached FYI.

You might also want to check this page:
http://sctp.fh-muenster.de/index.html

Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DTLSv1_listen.pod
Type: application/x-perl
Size: 4030 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150414/3a8231a6/attachment.bin>
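
The multi-peer case discussed above needs a demultiplexing step before any datagram reaches OpenSSL. The following is an added example, not code from this message or from OpenSSL: it validates the 13-byte DTLS 1.0/1.2 record header of a datagram read from one unconnected UDP socket and decides whether it belongs to an existing session, is a candidate for the DTLSv1_listen() path, or should be dropped. The names classify, peer_add, MAX_PEERS and dgram_class are hypothetical, and it assumes IPv4 peers only.

```c
#include <stdint.h>
#include <stdio.h>
#include <netinet/in.h>
#include <arpa/inet.h>

enum dgram_class { DGRAM_DROP, DGRAM_NEW_PEER, DGRAM_KNOWN_PEER };
#define MAX_PEERS 8                        /* hypothetical table size */
static struct sockaddr_in peers[MAX_PEERS];
static size_t npeers;

/* Record a peer once its handshake was accepted; slot index or -1 if full. */
int peer_add(const struct sockaddr_in *from) {
    if (npeers == MAX_PEERS) return -1;
    peers[npeers] = *from;
    return (int)npeers++;
}

/* Classify one datagram read with recvfrom() on the shared socket.
 * *slot receives the session index for DGRAM_KNOWN_PEER, else -1. */
enum dgram_class classify(const uint8_t *p, size_t len,
                          const struct sockaddr_in *from, int *slot) {
    *slot = -1;
    if (len < 13 || p[0] < 20 || p[0] > 23 || p[1] != 0xfe)
        return DGRAM_DROP;                 /* not a DTLS 1.0/1.2 record */
    size_t rec_len = ((size_t)p[11] << 8) | p[12];
    if (rec_len > len - 13)
        return DGRAM_DROP;                 /* length field overruns datagram */
    for (size_t i = 0; i < npeers; i++)
        if (peers[i].sin_addr.s_addr == from->sin_addr.s_addr &&
            peers[i].sin_port == from->sin_port) {
            *slot = (int)i;
            return DGRAM_KNOWN_PEER;       /* feed to that peer's SSL object */
        }
    /* Unknown peer: accept only an epoch-0 handshake record whose first
     * message is a ClientHello (12-byte handshake header, msg_type 1). */
    if (p[0] != 22 || p[3] || p[4] || rec_len < 12 || p[13] != 1)
        return DGRAM_DROP;
    return DGRAM_NEW_PEER;                 /* candidate for DTLSv1_listen() */
}

int main(void) {
    /* Constructed sample: header of a DTLS 1.0 ClientHello record. */
    uint8_t ch[25] = {22, 0xfe, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 1};
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(40000) };
    int slot, first = classify(ch, sizeof ch, &a, &slot);
    peer_add(&a);
    printf("first=%d again=%d\n", first, classify(ch, sizeof ch, &a, &slot));
    return 0;
}
```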

