-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
erdtls* comments #13
Comments
Here are some comments based on my previous attempt at building a DTLS plugin for GStreamer:
|
For gst-launch, we could allow initialisation with a null agent to create a default agent (and with a single connection, you would not have to worry about sharing the object between the two elements). Could you expand a bit about the problem you see with getting a loop on state changes if we merge the two into a single element? |
|
For gst-launch, what if you have separate rtp and rtcp? We'd still need two contexts. That said, we probably also want a way to share some of the context to be able to do SSL session resumption to make the second connection much faster. The state changes are sink to source. What if you have: For the same reason we use a separate udpsrc and udpsink element even when they share the same socket. Although that indeed means that you can't do a real useful DTLS connection with gst-launch anyway (because you can't share the socket between udpsrc and udpsink). |
Regarding your second point, I think you're discussion two different things. There are two things that are shared between the different DTLS elements:
|
Regarding OpenSSL initialisation: this seems like something that would be a compile-time flag. From what I could find it would also be possible to add a lock around the initialisation and then hope the application uses locks as well ^_^ Regarding threads, the DTLS elements have full control of the threading. OpenSSL is used in a single-threaded way, the only thread that is used (timeout thread) is created by the ErDtlsConnection. |
What if some other part of the application uses OpenSSL ? OpenSSL is not used to encode and decode the buffers in the streaming thread? What if the other side sends DTLS (not SRTP?) |
I don't see the problem with other parts of the application using OpenSSL, except for the initialisation? The ErDtlsConnection creates a new SSL context, which isn't shared with the rest of the application.
It is
Not sure I follow... the ErDtlsSrtpDec demuxes RTP/DTLS if that's what you're asking. |
Btw, I don't have anything against swapping out OpenSSL or providing other alternatives. I just don't think it should be done in a way that makes it more difficult to use the plugin, or because the code is greener in the other library. |
All SSL libraries are horrible, I just want to make sure we expose OpenSSL's limitations correctly (because not exposing it and then having it crash randomly will be a pain!) |
😄 that's a nice way of looking at the problem. |
I think you mean SSL/TLS is horrible 😄 If it was only the libraries... |
Should this be closed now or is there anything left to be done? |
These are some broad thoughts I had on the erdtls plugins and their usage. Also including some comments by @Rugvip (who can correct me if I got these wrong).
The text was updated successfully, but these errors were encountered: