Monday, July 28, 2008

Another progress report

I kept on improving the HTTP connections handling and now my implementation can deal with non-persistent connections to ejabberd and with keep-alive and even pipelining connections to Openfire (for which Safa provided me with his dev build), and I implemented acknowledgments checking and key-sequencing. I also made some modifications to the proxy group stored in the Gajim config file. The configuration dialog for the BOSH proxy changed slightly to allow optionally setting an HTTP proxy preceding the Connection Manager.

Now I'm going to take a look at securing BOSH TCP connections. Gajim currently tries to establish an SSL connection first, and falls back to plain when SSL negotiation or the handshake fails. Considering a BOSH connection to the Connection Manager, there's no problem as long as the client goes to the CM directly - it doesn't matter whether we send XMPP or HTTP over SSL, I guess (well, except for the fact that there's no negotiation within BOSH, but the SSL handshake should follow TCP connection establishment). The question is what to do when a proxy is used. I checked what Firefox does when reaching an HTTPS server over a proxy, and it just sends an HTTP request with the CONNECT method to the proxy, which opens a tunnel to the remote machine, and the SSL handshake then takes place on the opened channel. I will do it in the same way because there's no other way to tunnel HTTPS over a proxy, right?
With a connection opened with CONNECT, it's probably more reasonable to send the XMPP directly instead of BOSH HTTP, but CONNECT is usually limited to certain port numbers, so I think it should be possible with BOSH as well. (Gajim can already do XMPP via an HTTP proxy with the CONNECT method.)
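The CONNECT-then-TLS sequence described above, as an added Python example (not Gajim's code): the client sends `CONNECT host:port` to the forward proxy, reads the proxy's HTTP reply, and only after a `200` wraps the same socket in TLS with certificate and hostname verification. The BOSH HTTP POST would then travel inside that TLS tunnel. The host names, port and the `Proxy-Authorization` credentials are assumptions for illustration; the helper that actually opens a socket is `open_tls_tunnel`, and the request builder and response parser can be exercised offline.

```python
import base64
import socket
import ssl


def build_connect_request(dest_host, dest_port, proxy_user=None, proxy_password=None):
    """Build the HTTP CONNECT request that asks a forward proxy for a raw TCP
    tunnel to dest_host:dest_port. The TLS handshake happens inside that
    tunnel, so the proxy relays bytes but never sees the XMPP/BOSH payload."""
    authority = "%s:%d" % (dest_host, dest_port)
    lines = ["CONNECT %s HTTP/1.1" % authority, "Host: %s" % authority]
    if proxy_user is not None:
        # Optional proxy credentials (assumed here); sent only to the proxy.
        cred = base64.b64encode(
            ("%s:%s" % (proxy_user, proxy_password or "")).encode("utf-8")
        ).decode("ascii")
        lines.append("Proxy-Authorization: Basic %s" % cred)
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_connect_response(raw):
    """Parse the proxy's reply to CONNECT.

    Returns (status_code, headers, leftover). Everything after the blank line
    belongs to the tunnel; since the client sends the first TLS record, a
    well-behaved proxy leaves nothing there."""
    head, sep, leftover = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete CONNECT response")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status_line)
    headers = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, leftover


def open_tls_tunnel(proxy_host, proxy_port, dest_host, dest_port,
                    proxy_user=None, proxy_password=None, timeout=10):
    """Open a TCP connection to the proxy, request a tunnel to the Connection
    Manager, then start TLS on the tunneled socket. There is no fallback to
    plaintext: a refused tunnel or a failed handshake raises."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        sock.sendall(build_connect_request(dest_host, dest_port, proxy_user, proxy_password))
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed the connection during CONNECT")
            buf += chunk
            if len(buf) > 65536:
                raise ValueError("CONNECT response too large")
        code, _headers, leftover = parse_connect_response(buf)
        if code != 200:
            raise ConnectionError("proxy refused CONNECT with status %d" % code)
        if leftover:
            # Bytes before our ClientHello cannot be the server's TLS data.
            raise ConnectionError("unexpected bytes after CONNECT response")
        # Default context verifies the certificate chain and the hostname (SNI set).
        ctx = ssl.create_default_context()
        return ctx.wrap_socket(sock, server_hostname=dest_host)
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":
    # Assumed addresses; the Connection Manager is reached through the proxy.
    tls_sock = open_tls_tunnel("proxy.example.org", 3128, "cm.example.org", 5281)
    print("TLS established, peer:", tls_sock.getpeercert().get("subject"))
    tls_sock.close()
```

The BOSH `<body/>` POSTs are written to the returned TLS socket exactly as they would be to a direct connection; the only difference from the direct case is the CONNECT exchange in front of the handshake.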

Sunday, July 13, 2008

Midterm update

After some structure changes in Gajim XMPP code I finally got to implementing HTTP connections handling and now my branch can be used with BOSH Connection Managers in ejabberd 2.0.1 and Openfire 3.5.2. You can find it in Gajim svn:

svn co svn://

In order to connect over HTTP bindings you need to create a proxy with type "BOSH" in the Proxy Managing dialog (Accounts -> tab Connection -> Manage next to the Proxy combobox), and put the Connection Manager URI and port into the text fields.
However, it's still quite buggy and I haven't tried it over a proxy yet. The next items on my TODO are the semantic issues of the protocol, then TLS support and the config dialog. I also broke some parts of the networking code and I'll have to fix those before merging back to trunk.

Two things I noticed about Openfire: it doesn't respond to the stream-restart body tag after SASL authentication, and it doesn't classify iq stanzas (children of the body tag) with an XML namespace. The latter caused the XML parser in Gajim to consider the iq stanzas as of namespace because that's the xmlns of the parent body.
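The namespace inheritance behind the second Openfire observation, as an added Python example (not Gajim's parser): an `<iq/>` without its own `xmlns` inside a BOSH `<body xmlns='http://jabber.org/protocol/httpbind'/>` inherits the httpbind default namespace, so a dispatcher keyed on `{jabber:client}iq` never sees it. The two body payloads below are constructed for the example; the client-side workaround re-tags such stanzas into `jabber:client` before dispatch.

```python
import xml.etree.ElementTree as ET

HTTPBIND_NS = "http://jabber.org/protocol/httpbind"
CLIENT_NS = "jabber:client"

# Constructed sample: stanza child lacks xmlns, so it inherits the body's default namespace.
BODY_UNQUALIFIED = b"""<body xmlns='http://jabber.org/protocol/httpbind' sid='s1' rid='10'>
  <iq type='result' id='r1'><query xmlns='jabber:iq:roster'/></iq>
</body>"""

# Constructed sample: stanza child carries xmlns='jabber:client' as the client expects.
BODY_QUALIFIED = b"""<body xmlns='http://jabber.org/protocol/httpbind' sid='s1' rid='11'>
  <iq xmlns='jabber:client' type='result' id='r2'><query xmlns='jabber:iq:roster'/></iq>
</body>"""


def stanza_tags(body_xml):
    """Return the Clark-notation tags ({namespace}local) of the body's children."""
    root = ET.fromstring(body_xml)
    return [child.tag for child in root]


def normalize_stanzas(body_xml):
    """Re-tag stanzas that inherited the httpbind namespace into jabber:client.

    Only elements in the httpbind namespace are touched; descendants with
    their own xmlns (e.g. jabber:iq:roster) are left alone. The body element
    itself keeps its namespace."""
    root = ET.fromstring(body_xml)
    prefix = "{%s}" % HTTPBIND_NS
    for child in root:
        for elem in child.iter():
            if elem.tag.startswith(prefix):
                elem.tag = "{%s}%s" % (CLIENT_NS, elem.tag[len(prefix):])
    return root


def dispatch(body_xml, handlers):
    """Route each stanza to a handler keyed by its Clark tag; return what was handled."""
    handled = []
    for stanza in normalize_stanzas(body_xml):
        handler = handlers.get(stanza.tag)
        if handler is not None:
            handled.append(handler(stanza))
    return handled


def iq_handler(stanza):
    return ("iq", stanza.get("id"), [c.tag for c in stanza])


if __name__ == "__main__":
    print(stanza_tags(BODY_UNQUALIFIED))  # inherited httpbind namespace
    print(stanza_tags(BODY_QUALIFIED))    # explicit jabber:client
    print(dispatch(BODY_UNQUALIFIED, {"{jabber:client}iq": iq_handler}))
```

Without the normalization step the first payload produces a tag of `{http://jabber.org/protocol/httpbind}iq`, which is why a lookup on `{jabber:client}iq` silently drops the stanza.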