Support multiple certificates and certificate chains

[dzianisv]

Your environment.

• Version: e63b39a

Library usage

	dtlsConfig := &dtls.Config{
		Certificate: certificate,
		PrivateKey:  privateKey,
		ClientAuth:  dtls.RequestClientCert,
	}

	trackingContext := NewTrackingContext()

	listener, err := dtls.Listen("udp", bindAddr, dtlsConfig)
	if err != nil {
		logger.Fatal(err)
	}
	defer listener.Close()

	for {
		logger.Debug("Waiting for the new connection")
		conn, err := listener.Accept()
		if err != nil {
			logger.Debugf("Failed to accept a new connection: %s", err)
		}
		go communicate(conn.(*dtls.Conn), trackingContext)
	}

What did you do?

I tried to connect to the simple dtls server using

openssl s_client -dtls1_2 -cert cert.pem -key cert.key -mtu 1472 127.0.0.1:8080

and it works! But when I use a -cert_chain argument, dtls implementation fails:

openssl s_client -dtls1_2 -cert cert.pem -cert_chain cert.pem -key cert.key -mtu 1472 127.0.0.1:8080

What did you expect?

Successful handshake

What happened?

Logs from server implementation on golang:

2019-04-05T15:09:23.968+0300    DEBUG   signaling       signaling/main.go:167   Waiting for the new connection
2019-04-05T15:09:23.968+0300    DEBUG   signaling       signaling/main.go:47    Accepted a new connection from 127.0.0.1:37854
2019-04-05T15:09:23.968+0300    DEBUG   signaling       signaling/main.go:56    Read error: dtls: data length and declared length do not match
handleIncoming: Handshake not finished, dropping packet

[dzianisv]

golang-dtls-server-cert-chain-issue.zip

[dzianisv]

cert.zip

[dzianisv]

Server works if client certificate authentication is disabled: ClientAuth: dtls.NoClientCert. I see the following handshake packets

[Sean-Der]

Hey @denis4net!

Sorry I haven't had a chance to look at this yet. I am working on PSK at the moment, when that is complete I will come right back to this.

thanks for the patience :)

[aconchillo]

it seems this PR #99 would fix this.