Monday, July 28, 2008

Another progress report

I kept on improving the HTTP connection handling, and now my implementation can deal with non-persistent connections to ejabberd and with keep-alive and even pipelining connections to Openfire (for which Safa provided me with his dev build). I also implemented acknowledgment checking and key-sequencing, and made some modifications to the proxy group stored in the Gajim config file. The configuration dialog for the BOSH proxy changed slightly to allow optionally setting an HTTP proxy preceding the Connection Manager.

Now I'm going to take a look at securing BOSH TCP connections. Gajim currently tries to establish an SSL connection first, and falls back to plain when SSL negotiation or handshake fails. Considering a BOSH connection to the Connection Manager, there's no problem as long as the client goes to the CM directly - it doesn't matter whether we send XMPP or HTTP over SSL, I guess (well, except for the fact that there's no negotiation within BOSH, but the SSL handshake should follow TCP connection establishment). The question is what to do when a proxy is used. I checked what Firefox does when reaching an HTTPS server over a proxy, and it just sends an HTTP request with the CONNECT method to the proxy, which opens a tunnel to the remote machine, and the SSL handshake then takes place on the opened channel. I will do it in the same way because there's no other way to tunnel HTTPS over a proxy, right?
With a connection opened with CONNECT, it's probably more reasonable to send the XMPP directly instead of BOSH HTTP, but CONNECT is usually limited to certain port numbers, so I think it should be possible with BOSH as well. (Gajim can already do XMPP via HTTP proxy with the CONNECT method.)
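
The CONNECT-then-handshake sequence described above, sketched in Python as an added example (this is not Gajim's code, and the function names are made up for illustration). It assumes `sock` is already connected to the HTTP proxy and that `host` is the Connection Manager's name, which is the name the certificate is verified against.

```python
import socket
import ssl

def build_connect_request(host, port):
    """Return the bytes of an HTTP/1.1 CONNECT request for host:port."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def read_connect_reply(sock, limit=8192):
    """Read the proxy's reply headers and return the status code.

    Reads one byte at a time so that nothing following the blank line
    (the start of the TLS stream) is consumed from the socket.
    """
    buf = b""
    while not buf.endswith(b"\r\n\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("proxy closed connection during CONNECT")
        buf += chunk
        if len(buf) > limit:
            raise ConnectionError("proxy reply headers too large")
    status_line = buf.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ConnectionError(f"malformed proxy reply: {status_line!r}")
    return int(parts[1])

def open_tls_tunnel(sock, host, port, context=None):
    """Ask the proxy for a tunnel, then run the TLS handshake inside it."""
    sock.sendall(build_connect_request(host, port))
    status = read_connect_reply(sock)
    if not 200 <= status < 300:
        # Proxies commonly refuse CONNECT to ports other than 443.
        raise ConnectionError(f"proxy refused CONNECT with status {status}")
    context = context or ssl.create_default_context()
    # The proxy only relays bytes from here on; the certificate must match
    # the Connection Manager's hostname, not the proxy's.
    return context.wrap_socket(sock, server_hostname=host)
```

A handshake or certificate failure surfaces as `ssl.SSLError` from `open_tls_tunnel`; nothing here retries over a plain connection.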

1 comment:

DeepSpawn said...

I'm really glad you're doing this, keep up the good job.

I can't wait for this to get merged to gajim trunk.