- DTLS spec recommends HelloVerify and Anti Replay protection be enabled,
  and these are enabled in the default mbedTLS config. Implement them here.
- To help compensate for the possible increase in code size, add a
  MICROPY_PY_SSL_DTLS build config macro that's enabled for EXTRA and
  above by default.

This allows bare metal mbedTLS ports to use DTLS with HelloVerify support.

This work was funded through GitHub Sponsors.

Signed-off-by: Angus Gratton <angus@redyak.com.au>
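
The two protections named in the commit message above, sketched as an added example (not code from this commit, MicroPython or mbedTLS): a stateless HelloVerify cookie and a sliding anti-replay window in the form RFC 6347 describes. The function and class names, the HMAC-SHA256 cookie input and the 64-entry window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)  # constructed server secret; rotate it periodically

def make_cookie(secret, client_addr, client_hello):
    """Stateless HelloVerify cookie: HMAC over the claimed source address
    and the ClientHello bytes, so the server stores nothing per client."""
    ip, port = client_addr
    msg = ip.encode() + port.to_bytes(2, "big") + client_hello
    return hmac.new(secret, msg, hashlib.sha256).digest()

def verify_cookie(secret, client_addr, client_hello, cookie):
    """True only if the second ClientHello echoes the cookie issued to this address."""
    expected = make_cookie(secret, client_addr, client_hello)
    return hmac.compare_digest(expected, cookie)

class ReplayWindow:
    """Sliding anti-replay window over record sequence numbers."""
    SIZE = 64  # assumed window width

    def __init__(self):
        self.top = -1    # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => sequence number (top - i) was seen

    def accept(self, seq):
        """Record seq and return True if fresh; False if replayed or too old.
        Only call this for records whose MAC has already verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.SIZE) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.SIZE or (self.bitmap >> offset) & 1:
            return False
        self.bitmap |= 1 << offset
        return True

def demo():
    """Run both checks over constructed sample input."""
    hello = b"constructed-client-hello"
    cookie = make_cookie(SECRET, ("192.0.2.10", 5684), hello)
    spoofed = verify_cookie(SECRET, ("198.51.100.7", 5684), hello, cookie)
    window = ReplayWindow()
    verdicts = [window.accept(s) for s in (0, 1, 1, 5, 3, 3, 100, 5)]
    return spoofed, verdicts
```

A cookie bound to the source address means a sender that cannot receive at that address never gets the server to commit handshake state, and the window drops duplicated or stale records without keeping a full history.
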
This commit enables support for DTLS, i.e. TLS over datagram transport
protocols like UDP. While support for DTLS is absent in CPython, it is
worth supporting it in MicroPython because it is the basis of the
ubiquitous CoAP protocol, used in many IoT projects.

To select DTLS, a new set of "protocols" is added to SSLContext:
- ssl.PROTOCOL_DTLS_CLIENT
- ssl.PROTOCOL_DTLS_SERVER

If one of these is set, the library assumes that the underlying socket is a
datagram-like socket (i.e. UDP or similar).

Our own timer callbacks are implemented because the out-of-the-box
implementation relies on `gettimeofday()`.

This new DTLS feature is enabled on all ports that use mbedTLS.

This commit is an update to a previous PR #10062.

Addresses issue #5270, which requested DTLS support.

Signed-off-by: Keenan Johnson <keenan.johnson@gmail.com>