aiocoap
Certificate and RPK support missing in DTLS backend
Hi, in my local stress test I need DTLS with cert file mode, but it looks like tinydtls only supports PSK mode. I want to know if there is a plan to support DTLS with cert mode? On the other hand, I tried to use a python3-dtls socket to replace the tinydtls socket in tinydtls.py, and I did it successfully; it works well. I hope it can support DTLS with cert file mode. Thanks.
While the underlying tinydtls library may support certificates (the original proposal puts it out of scope, but code search indicates that some things are there), the Python wrapper used (DTLSSocket) is PSK only. If you can convince the author to add certificate or RPK support, I can add it easily to aiocoap.
Now that python3-dtls supports DTLS 1.2 and Python 3, a port there would be an option; the maintenance situation of those modules is a bit unclear, though (no issue tracker activity and no Python 3 port from upstream, and the mobius-software fork of pydtls that is python3-dtls does not look like it is a continuation of development and more like "we fix this one porting thing").
WolfSSL's library would be an option, but given they by default don't compile in CoAP's mandatory-to-implement algorithm (and recompiling things in dependencies is a pain in Python build systems), that doesn't look too promising either.
So long story short, there is no certificate support for CoAP-over-DTLS in aiocoap for lack of good libraries. I'm taking this up as a wishlist bug, but unless you or someone else finds a suitable backend library (or can show me that one of the candidates is indeed suitable), don't expect any fast movement here.