It looks like OpenSSL 1.0.1* supports DTLS over SCTP Due to upstream Bug #2535. I've got a patch that appears to work on both a Linux/AMD64 machine and Gentoo/FreeBSD VM. I'll need someone to double-check the use of the kernel_linux/kernel_FreeBSD USE flags in the LIB_DEPEND variable to make sure that's proper, as I can't find any specific documentation on the use of those special USE flags, nor the case of a feature common to two different OSes, but in different libraries.
Created attachment 373722 [details, diff]
OpenSSL SCTP/DTLS support.
I wonder if a virtual for sctp would be a better approach versus using the kernel_* flags. virtual/sctp could be satisfied by net-misc/lksctp-tools on Linux and sys-freebsd/freebsd-lib on FreeBSD.
ebuild patch seems reasonable. i know nothing about sctp though.
if that's the only change you need (to the ebuild), then feel free to commit to latest 1.0.1 and 1.0.2 versions. if you need a patch for the openssl sources, then it's a different story ...
Worth opening a discussion on -dev about a virtual/sctp and possibly an 'sctp' global USE flag first? It's one of the four IANA "General Purpose Protocols" (tcp, udp, sctp, and dccp). It's big in telephony networks (SCTP originally was developed to carry the SS7 stack over IP networks), but it's being looked at for a lot of other things. Might be a good idea to futureproof now rather than later.
if we're the only consumer, for now let's just keep it in the ebuild. if it becomes more of a thing (like when USE=sctp transitions from a local to global flag), we can re-evaluate the virtual then.
Setting to IN_PROGRESS, because while I have an e-mail ready, I'm waiting for all the furor over Heartbleed to die down before changing anything.
(In reply to Joshua Kinard from comment #6)
> Setting to IN_PROGRESS, because while I have an e-mail ready, I'm waiting
> for all the furor over Heartbleed to die down before changing anything.
The dependency on net-misc/lksctp-tools should be changed to depend on at least net-misc/lksctp-tools-1.0.12, since emerging the package having
net-misc/lksctp-tools-1.0.11-r1 installed results in error due to SCTP_SENDER_DRY_EVENT being undeclared.
It looks to me it was added in lksctp-tools-1.0.12 release.
Commit message: Require recent lksctp-tools
I still have that virtual/sctp ebuild lying around for the Gentoo/FreeBSD case. Want me to still put that into the tree and lock the lksctp version there?