feat: dtls connection using mbedtls #10
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Could you also create issues for the TODOs described in https://github.com/status-im/nim-mbedtls? It seems to me they need to be worked on before we say this work has been completed. |
|
What DTLS version is https://github.com/status-im/nim-mbedtls using? |
webrtc/dtls/dtls_connection.nim
Outdated
| # Mbed-TLS contexts | ||
| ctx: MbedTLSCtx | ||
|
|
||
| proc verify(ctx: pointer, pcert: ptr mbedtls_x509_crt, |
There was a problem hiding this comment.
Reading the implementation, I find it unclear how it verifies the certificate's validity.
There was a problem hiding this comment.
Hum... it's because the name verify is wrong. We use this callback because we need to retrieve the remote certificate from the peer (for the DataChannel). It's the solution I found to retrieve it, after this callback, the certificate is not stored.
I change the name to make it clearer!
webrtc/dtls/dtls_connection.nim
Outdated
| of AddressFamily.IPv6: | ||
| mb_ssl_set_client_transport_id(self.ctx.ssl, self.raddr.address_v6) | ||
| else: | ||
| doAssert(false, "Should never happen") |
There was a problem hiding this comment.
Suggested change
| doAssert(false, "Should never happen") | |
| raiseAssert("Remote address must be IPv4 or IPv6") |
diegomrsantos
approved these changes
Aug 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Presentation
This PR is part of the stack to create the nim-libp2p webrtc-direct transport (defined here: https://github.com/libp2p/specs/blob/master/webrtc/webrtc-direct.md).
For this PR, we do not implement the full DTLS protocol, we are using the library MBed-TLS (nim wrapper: https://github.com/status-im/nim-mbedtls / C-library https://github.com/Mbed-TLS/mbedtls) to create and use a DTLS connection.
DTLS
DTLS is a protocol designed to provide the same security features as TLS, but for UDP applications. It secures communications over UDP, which is inherently unreliable and connectionless. By using DTLS, WebRTC ensures that all data streams are encrypted and secure from potential eavesdropping, tampering, and other security threats.