This project is now licensed under the Apache license. Individual files
now have a license reference header.
The Apache 2.0 license text is copied to the file LICENSE. The file
NOTICE, referred to in the license text, has been added. A placeholder
README.txt has been added.
These three new files are integrated into the distribution/installation
machinery, and are placed into the package directory upon installation.
The new module setup.py handles creation of package distributions in
compressed formats, and performs installation of said distributions
after decompression. Distribution strategy for PyDTLS is in the form
of source distributions only.
Building the OpenSSL library on Windows is non-trivial. Requirements
include linking against the same version of the C runtime that is used
by the Python interpreter, or else Microsoft redistributable
installation may also need to be performed. For the convenience of
Windows users, the distribution procedure includes creation of
prebuilt versions of the OpenSSL library for both 32- and 64-bit
versions of Windows. Despite containing binaries, these are still
source distributions that are installed with "python setup.py
install."
A version of OpenSSL compiled with the MinGW toolchain is included.
cygcrypto-1.0.0.dll and cygssl-1.0.0.dll contain symbols and can be
debugged with gdb. All MinGW OpenSSL dll's link with msvcr90.dll.
In order to avoid making installation a requirement after cloning, the
package initializer looks for prebuilts of the currently executing
platform and copies them into the dtls package directory before
continuing module initialization.
A distribution containing prebuilts for all platforms as well as those
containing no prebuilts (appropriate for Linux) can be generated by
issuing "python setup.py sdist --prebuilts."
This change introduces a demux that uses the kernel's network stack for UDP
datagram-to-socket assignment based on packet source address (as opposed to the
forwarding strategy of the routing demux). The osnet demux is used by default
on non-Windows platforms. When possible, use of the osnet demux is preferred
over the routing demux, since it can be expected to perform better.
The unit test suite has been extended to run all tests first with the demux
selected by default for the current platform, and then with the routing demux,
if the latter differs from the former. Tests were already being run twice, first
with IPv4 and then with IPv6, and thus we now run each test four times on
Linux, twice on Windows.
All unit tests pass with both demux types.
A patch implementation is provided, which augments and alters the Python
standard library's ssl module to support passing of datagram sockets, in which
case this package's DTLS protocol support will be activated. The ssl module's
interface is intended to operate identically regardless of whether the DTLS
protocol or another protocol is chosen.
The following features of the ssl module are explicitly supported with
datagram sockets:
* socket wrapping, unwrapping, and re-wrapping
* threaded UDP servers
* asynchronous UDP servers (asyncore integration)
* socket servers (SocketServer integration)
The following modules have been added:
* dtls.patch: standard library module patching code and substitution
functions and methods
* unit.py: this is a port of the standard library's testing module
test_ssl.py for datagram sockets; all tests pass at this time;
a couple of inapplicable tests have been dropped; a few other
tests have been added
Also note that the err module's exception raising mechanism has been
augmented so as to raise exceptions of type ssl.SSLError (as opposed to
dtls.err.SSLError) when instructed to do so through activation of the patching
mechanism. This allows code written against the standard library module's
interface to remain unchanged. In some cases, types derived from
ssl.SSLError are raised.
This initial commit for the PyDTLS package includes the following functionality:
* DTLS cookie exchange, using secure hmac cookies
* A platform-independent routing UDP demultiplexer
* SSL handshaking over UDP using the DTLS protocol
* Datagram exchange using the DTLS protocol
* SSL shutdown over UDP
The package is structured as follows:
* dtls: top-level package
* dtls.demux: demultiplexer package; automatically loads a
demultiplexer appropriate for the currently executing
platform
* dtls.demux.router: a routing demux for platforms whose network stacks
cannot assign incoming UDP packets to sockets based
on the sockets' connection information
* dtls.demux.osnet: a demux that uses the operating system's UDP packet
routing functionality
* dtls.err: package-wide error handling and error definitions
* dtls.sslconnection: a client and server-side connection class for
UDP network connections secured with the DTLS protocol
* dtls.openssl: a ctypes-based wrapper for the OpenSSL library
* dtls.test: test scripts, utilities, and unit tests
The following binaries are provided:
* libeay32.dll: cryptographic portion of the OpenSSL library
* ssleay32.dll: protocol portion of the OpenSSL library (depends on former)
* cygcrypto-1.0.0.dll: as libeay32.dll, but with debugging symbols
* cygssl-1.0.0.dll: as ssleay32.dll, but with debugging symbols
All binaries have been built with the MinGW tool chain, targeted for msvcr90.
The unstripped dll's can be debugged on Windows with gdb. Cygwin is not used.
Ray Brown