Hello,
> Interesting,
> Two more questions.
> 
> 1. Which callback should be used to perform a specific action after a
> DTLS session is set up. SSL_CTX_set_verify looks like a possibility. Is
> it called again when the DTLS session is renegotiated?
If you want to write your own verification function - yes.
On renegotiation the callback function is called again unless
SSL_VERIFY_CLIENT_ONCE is set - in that case no client verification
is performed when renegotiation occurs.

> 2. Can you offer any suggestions about how to de-multiplex multiple DTLS
> sessions terminating on the same UDP port?
In DTLS there is no support for "applications" using the same IP port
(like, for example, in RDP - reliable data protocol, which offers
reliable data transfer over a datagram protocol).
But there are some solutions:
 - if you write your own client/server application you may do session
   management like tftp does - when a tftp client connects to the tftpd
   daemon, some socket/port>1024 is allocated for this client on the
   server side and the subsequent data exchange between the server and
   this client is carried on this socket - one client - one socket
   (easy to implement).
 - you may use some BIO_*_mem()/BIO_*_dgram() chaining; a very good
   example can be found in the Resiprocate project at:
        http://scm.sipfoundry.org/viewsvn/resiprocate/main/resip/stack/
   in files DtlsTransport.cxx, DtlsTransport.hxx.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
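
An added example, not part of the original message and not code from OpenSSL or Resiprocate: a sketch of the lookup step behind the second suggestion, where one UDP socket receives every datagram and each is routed to a per-peer session before it would be written into that session's memory BIO. Keying sessions on the peer's IP address and port, allocating a slot only for a handshake record, and the names demux, demux_sample and MAX_SESSIONS are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS 4     /* constructed limit for the example */
#define DTLS_HANDSHAKE 22  /* DTLS record content type "handshake" */

struct session {
    int in_use;
    struct sockaddr_in peer;  /* key: peer IP address and UDP port */
    unsigned long datagrams;  /* stand-in for the session's memory BIO */
};
static struct session table[MAX_SESSIONS];

/* Return the slot owning this datagram, or -1 if it is dropped. A slot is
 * allocated only for a handshake record, so stray datagrams from unknown
 * peers do not consume session state. */
int demux(const struct sockaddr_in *from, const uint8_t *buf, size_t len)
{
    int free_slot = -1;
    if (len == 0) return -1;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        struct session *s = &table[i];
        if (!s->in_use) { if (free_slot < 0) free_slot = i; continue; }
        if (s->peer.sin_addr.s_addr == from->sin_addr.s_addr &&
            s->peer.sin_port == from->sin_port) {
            s->datagrams++;  /* real code: BIO_write() into this session's read BIO */
            return i;
        }
    }
    if (buf[0] != DTLS_HANDSHAKE || free_slot < 0) return -1;
    table[free_slot] = (struct session){ 1, *from, 1 };
    return free_slot;
}

/* Constructed input: a datagram from ip:port whose first byte is `type`. */
int demux_sample(uint32_t ip, uint16_t port, uint8_t type)
{
    struct sockaddr_in sa;
    uint8_t record[13] = { type };  /* 13 bytes = DTLS record header size */
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(ip);
    sa.sin_port = htons(port);
    return demux(&sa, record, sizeof record);
}
int main(void) { printf("%d\n", demux_sample(0xC0000201u, 5000, 22)); return 0; }
```

A real server would also expire idle slots so that the table cannot be filled permanently by peers that never finish a handshake.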
