search

ShadowJonathan / DusTLS

Pure-Rust DTLS
Apache License 2.0
11 stars 1 forks source link

Code duplication and dependency to rustls #2

Open ShadowJonathan opened 2 years ago

ShadowJonathan commented 2 years ago

Looking through the rustls interface, I realised that, to effectively make dtls work, I'd have to copy a lot of rustls interfaces, or effectively patch their behaviour.

I'm not sure how warranted that is, and/or if such a thing is even necessary.

The upside to copying the code is that it effectively would make this library easier to read/work with, as it's largely contained, other than the cipher suites exported from rustls.

The downsides is that this would result in logic divergence if the rustls crate updates its own logic, and it could get unnoticed in this library. Consequently it could also result in some errors, which could result in vulnerabilities.

Rustls has a lot of TLS-specific behaviour, and among them is also a lot of pub(crate) locked stuff.

I'd rather let this crate be some sort of consumer to the rustls crate, rather than them having to completely accommodate and promise API stability on interfaces they'd rather not.

I also don't know if this means that this library is better off being integrated as a rustls submodule, but that's to be seen.

ShadowJonathan commented 2 years ago

At this point i'm probably thinking, for the sake of ease, to just copy most of the handshake logic from rustls directly.

This'll probably not be good long-term, as I can make mistakes when doing this, and I probably would want to submit patches to rustls that;

However, this'll have to happen in correspondence with them, and at the moment i'm aiming to get a working example up, before refactoring it to use more vetted code from rustls.

The reason to do this over just exporting and patching around rustls features is because i think the latter can result in less clean and more opaque code, i'm trying to achieve flexibility as well, and instead of fighting with a peppered fork of rustls, i think it's more useful to copy the code that i would need to fundamentally alter (in some form), try to keep up, and then try to think about how to re-integrate this generic-ness in the rustls repo in a way that makes sense generically.

TotalKrill commented 2 years ago

It seems wise that you have prioritized getting a working example up over getting stuck in trying to change the underlying interfaces to be compatible. I think you will find an easier time having something working, that you want to merge/consolidate than to try to merge/consolidate to get something working.

Thanks for keeping you thoughts public, its nice to follow along :)