Monday, July 28, 2008

Another progress report

I improved the handling of HTTP connections in my implementation. It now supports non-persistent connections to ejabberd and keep-alive and pipelining connections to Openfire (using Safa's dev build). I also implemented acknowledgments checking and key-sequencing. Additionally, I made some modifications to the proxy group stored in the Gajim config file. The configuration dialog for BOSH proxy has slightly changed to allow an optional set of HTTP proxy before the Connection Manager.

Next, I will focus on securing BOSH TCP connections. Currently, Gajim attempts to establish an SSL connection first and falls back to plain text when SSL negotiation or handshake fails. When connecting to the Connection Manager via BOSH, there shouldn't be an issue as long as the client goes directly to CM. The protocol used (XMPP or HTTP) over SSL doesn't matter in this case, although there is no negotiation within BOSH. However, when a proxy is used, I observed that Firefox sends an HTTP request with the CONNECT method to the proxy, which opens a tunnel to the remote machine. The SSL handshake then occurs on the opened channel. I will adopt the same approach because there seems to be no other way to tunnel HTTPS over a proxy.

With the tunnel established using CONNECT, it would be more reasonable to send XMPP directly instead of using BOSH over HTTP. However, CONNECT is usually limited to certain port numbers. Nonetheless, I believe it should be possible to achieve the same with BOSH as well (Gajim already supports XMPP via HTTP proxy using the CONNECT method).
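As an added illustration (not Gajim's code), the CONNECT tunnelling step described above in Python: the client asks the proxy for a raw tunnel to the Connection Manager, checks the proxy's status line without consuming any bytes that belong to the tunnel, and only then starts the TLS handshake on that channel; hostnames and ports are placeholders, and the helper raises on a failed handshake rather than retrying in plain text.

```python
import socket
import ssl

def build_connect_request(host: str, port: int) -> bytes:
    """Build the HTTP CONNECT request that asks a proxy for a raw TCP tunnel."""
    lines = [
        f"CONNECT {host}:{port} HTTP/1.1",
        f"Host: {host}:{port}",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def read_connect_response(sock) -> int:
    """Read the proxy's reply headers and return the HTTP status code.

    Reads one byte at a time up to the blank line so that nothing after the
    header block is consumed: those bytes already belong to the tunnelled
    TLS stream and must be left for the SSL layer.  `sock` only needs recv().
    """
    buf = b""
    while not buf.endswith(b"\r\n\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("proxy closed the connection before replying")
        buf += chunk
        if len(buf) > 8192:
            raise ConnectionError("proxy response headers too large")
    status_line = buf.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ConnectionError(f"malformed proxy status line: {status_line!r}")
    return int(parts[1])

def open_tls_tunnel(proxy_host: str, proxy_port: int,
                    cm_host: str, cm_port: int, timeout: float = 10.0) -> ssl.SSLSocket:
    """Connect to the proxy, open a CONNECT tunnel, then handshake TLS over it.

    A refused tunnel or a failed handshake raises; there is no plaintext fallback.
    """
    raw = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        raw.sendall(build_connect_request(cm_host, cm_port))
        status = read_connect_response(raw)
        if status != 200:
            raise ConnectionError(f"proxy refused CONNECT with status {status}")
        ctx = ssl.create_default_context()  # verifies the CM certificate and hostname
        return ctx.wrap_socket(raw, server_hostname=cm_host)
    except Exception:
        raw.close()
        raise
```

`open_tls_tunnel("proxy.example.net", 3128, "cm.example.org", 5281)` would return a socket on which the BOSH HTTP requests are then written as usual.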

Sunday, July 13, 2008

Midterm update

I made changes to the Gajim XMPP code to support HTTP connections. Now, my branch is compatible with BOSH Connection Managers in ejabberd 2.0.1 and Openfire 3.5.2. You can find it in Gajim SVN:

svn co svn://svn.gajim.org/gajim/branches/bosh_support@9924

To connect using HTTP bindings, create a proxy of type "BOSH" in the Proxy Managing dialog (Accounts -> Connection tab -> Manage next to Proxy combobox). Then, enter the Connection Manager URI and port in the respective text fields.

Please note that there are some bugs, and I haven't tested it with a proxy yet. My next tasks include addressing protocol issues, adding TLS support, and fixing networking code before merging it back to the main codebase.

I also observed two issues with Openfire: it doesn't respond to the stream-restart body tag after SASL authentication, and it doesn't classify iq stanzas (children of the body tag) with an XML namespace. This caused the XML parser in Gajim to consider the iq stanzas as part of the http://jabber.org/protocols/httpbind namespace because it's the parent body's xmlns.