3.2 The transport layer

TLS is not limited to any transport layer and can be used above any transport layer, as long as it is a reliable one. DTLS can be used over reliable and unreliable transport layers. A set of functions is provided and their purpose is to load to GnuTLS the required callbacks to access the transport layer.

• gnutls_transport_set_push_function
• gnutls_transport_set_vec_push_function
• gnutls_transport_set_pull_timeout_function
• gnutls_transport_set_pull_function
• gnutls_transport_set_ptr

The function gnutls_transport_set_pull_timeout_function is only applicable to DTLS sessions. All those functions accept a callback function as a parameter. The callback functions should return the number of bytes written, or -1 on error and should set errno appropriately.

In some environments, setting errno is unreliable, for example Windows have several errno variables in different CRTs, or it may be that errno is not a thread-local variable. If this is a concern to you, call gnutls_transport_set_errno with the intended errno value instead of setting errno directly.

• gnutls_transport_set_errno

GnuTLS currently only interprets the EINTR and EAGAIN errno values and returns the corresponding GnuTLS error codes:

• GNUTLS_E_INTERRUPTED
• GNUTLS_E_AGAIN

These values are usually returned by interrupted system calls, or when non blocking IO is used. All GnuTLS functions can be resumed (called again), if any of these error codes is returned. The error codes above refer to the system call, not the GnuTLS function, since signals do not interrupt GnuTLS’ functions.

DTLS however deviates from this rule. Because it requires timers and waiting for peer’s messages during the handshake process, GnuTLS will block and might be interrupted by signals. The blocking operation of GnuTLS during DTLS handshake can be changed using the appropriate flags in gnutls_init.

• gnutls_init

By default, if the transport functions are not set, GnuTLS will use the Berkeley sockets.