[gnutls-devel] handshake packet re-ordering issue during encrypted handshake

[Guillaume Roguez]

Hi,

Using gnutls 3.4.12, I'm trying to implement an encrypted and authenticated UDP channel using DTLS.
To not send the certificate in clear during the handshake, I'm doing a double hanshake, starting
with an anonymous credential session, then forcing a re-handshake using a certified credential session.

My in-production code was worked well... until some users complain about the certified handshake not working.

After investigation I've found that the packet containing (completely or partially) the client certificate is
shift in time at server side.
This packet is encryted as it's inside anonymous session, quite big (all allowed bytes used = MTU size)
and re-ordered by the network.

It seems that gnutls handshake doesn't like this situation: the server drops all following packets.

To not enter into a complex code (our product is https://ring.cx), I've written a simple client/server working on GNU/Linux
based from samples found in gnutls documentation, added a bit of code to do the double handshake
and simulate the packet re-ordering by swapping the first big packet with the next one (only in server code).


Questions: What am I doing wrong? In this case, what's the good way to implement my anonymous certificate exchange?

The code (there is a bit of C++11 code, just easier for me to write few things):

client: http://gpl.savoirfairelinux.net/ring-download/tests/gnutls_reordering_client.cpp
build with command (GCC5.x): g++ -std=c++11 -g -Wall gnutls_reordering_client.cpp -o gnutls_reordering_client -pthread -lgnutls -lnettle

server: http://gpl.savoirfairelinux.net/ring-download/tests/gnutls_reordering_server.cpp
build with command (GCC5.x): g++ -std=c++11 -g -Wall gnutls_reordering_server.cpp -o gnutls_reordering_server -pthread -lgnutls -lnettle

each binary must be run with 3 arguments: cafile certfile keyfile
(to establish the certified session)

Thanks for any help,
Guillaume R.