[riot-notifications] [RIOT-OS/RIOT] sys: new sock submodule for DTLS (#11909)

Aiman Ismail notifications at github.com
Mon Jul 29 17:34:23 CEST 2019


> `DTLS_PSK` and `DTLS_ECC` should be exposed to the doc somewhere. And maybe renamed `SOCK_DTLS_PSK`/`SOCK_DTLS_ECC`. How about adding
> 
> ```c
> #ifdef DOXYGEN
> #define SOCK_DTLS_PSK (0) /**< PSK mode */
> #define SOCK_DTLS_ECC (0) /**< ECC mode */
> #endif
> ```
> 
> or something similar to `net/sock/dtls.h`?

I think it is better to expose it in tinydtls pkg instead of DTLS sock as `DTLS_PSK` and `DTLS_ECC` is tinydtls specific and other DTLS implementation may not have/use defines to enable support for specific cipher suites (e.g. wolfSSL uses [`wolfSSL_CTX_set_cipher_list()`][1]). There are also other defines that are not documented anywhere other than [examples/dtls-echo README][2] such as DTLS_CONTEXT_MAX and more.

Or would documenting it all in a new doxygen group (e.g. net_encryption) be better? The group could also describe caveats and configuration options of each DTLS implementation and explain how to use credman with DTLS sock. In general, information on how to get started with using (D)TLS in RIOT.

> Also, it's not clear to me, if the two are mutually exclusive

No, it is not mutually exclusive. A DTLS sock should be able to use multiple cipher suites.

[1]: https://www.wolfssl.com/doxygen/group__Setup.html#gac5835a41f08b90828e72ec20d46d6399
[2]: https://github.com/RIOT-OS/RIOT/blob/master/examples/dtls-echo/README.md#handling-the-static-memory-allocation

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/11909#issuecomment-516042741
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riot-os.org/pipermail/notifications/attachments/20190729/80bc40f9/attachment.htm>


More information about the notifications mailing list