Description
This issue will be used to track the current status of DTLS sock implementation and integration with gcoap. I'll try to keep it updated.
DTLS Sock TODO List
- Add (D)TLS credential management module `credman` - sys: add credman (D)TLS credential management module #11564
- Introduce DTLS sock API - sys: new sock submodule for DTLS #11909
- Add implementation of the DTLS sock API for tinydtls - pkg/tinydtls: add DTLS sock API implementation #11943
- Add implementation of the DTLS sock API for WolfSSL - WIP
- Add DTLS integration for gcoap using DTLS sock - WIP at gcoap: add DTLS integration #12104
  - current state: tested working with libcoap + tinydtls, aiocoap + tinydtls, californium + scandium
- Extend credman to handle the second use case as described in this comment - ~~Not started yet~~ Done by extending library API, e.g. `gcoap_set_credential_tag()`
- Move out `gcoap_init()` from autoinit - gcoap: add lazy init mode #12529 replaced by net/gcoap: add macro to delay initialization of gcoap #12798
- Add general way to set/get `sock_dtls_session_t` from a `sock_udp_ep_t` and vice-versa
Description
`sock_dtls` aims to provide a wrapper around DTLS stack in RIOT so that users can choose the underlying stack by a `USEMODULE` in the Makefile.
I am aware of @rfuentess's sock_secure and @danielinux's wolfSSL effort and have reviewed it together with @tcschmidt, @waehlisch, @miri64 (who also helps me with the API), @MichelRottleuthner and others (feel free to chime in if there is anything I missed/had it wrong here). This API hopes to solve the comments that we have, such as:
- Targeting DTLS and TLS is (mostly) not needed in RIOT use case. The users typically know from the start which underlying stack to use.
- `connect`, `listen` in traditional socket has a different meaning when used in DTLS compared to TLS.
- Sending and receiving of packets using `sock_udp` internally. `sock_dtls` is responsible for encrypting, decrypting of the packets and handshake. This should help by minimizing changes when integrating with existing applications such as gcoap.
To implement this API, the implementors of the stack must provide the definition of the structs (like in sock_udp, sock_tcp) through the modules/pkgs.
Edit: The DTLS sock API is now merged in master. See `sys/net/sock/dtls.h`. Removed the API from this post for readability.