I improved the handling of HTTP connections in my implementation. It now supports non-persistent connections to ejabberd and keep-alive and pipelining connections to Openfire (using Safa's dev build). I also implemented acknowledgment checking and key sequencing. Additionally, I made some modifications to the proxy group stored in the Gajim config file. The configuration dialog for the BOSH proxy has changed slightly to allow optionally setting an HTTP proxy before the Connection Manager.
Next, I will focus on securing BOSH TCP connections. Currently, Gajim attempts to establish an SSL connection first and falls back to plain text when SSL negotiation or handshake fails. When connecting to the Connection Manager via BOSH, there shouldn't be an issue as long as the client goes directly to the CM. The protocol used (XMPP or HTTP) over SSL doesn't matter in this case, although there is no negotiation within BOSH. However, when a proxy is used, I observed that Firefox sends an HTTP request with the CONNECT method to the proxy, which opens a tunnel to the remote machine. The SSL handshake then occurs on the opened channel. I will adopt the same approach because there seems to be no other way to tunnel HTTPS over a proxy.
With the tunnel established using CONNECT, it would be more reasonable to send XMPP directly instead of using BOSH over HTTP. However, CONNECT is usually limited to certain port numbers. Nonetheless, I believe it should be possible to achieve the same with BOSH as well (Gajim already supports XMPP via HTTP proxy using the CONNECT method).
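The CONNECT-then-handshake sequence described above, as an added example that is not Gajim's code: the client asks the proxy for a tunnel, refuses to continue on anything but a 2xx reply, and only then runs the TLS handshake, verifying the certificate against the Connection Manager's hostname rather than the proxy's. The function names, the host `cm.example.org`, port 5281 and the socketpair stand-in for a proxy are assumptions made for the example.

```python
import socket
import ssl
import threading

def connect_request(host, port):
    """Build the CONNECT request sent to the HTTP proxy."""
    target = "%s:%d" % (host, port)
    return ("CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, target)).encode("ascii")

def read_status(sock, limit=8192):
    """Read the proxy's reply headers and return the numeric status code."""
    buf = b""
    while not buf.endswith(b"\r\n\r\n"):
        chunk = sock.recv(1)  # one byte at a time: never swallow tunnel (TLS) bytes
        if not chunk or len(buf) >= limit:
            raise ConnectionError("truncated or oversized proxy reply")
        buf += chunk
    parts = buf.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ConnectionError("malformed proxy reply")
    return int(parts[1])

def open_tunnel(sock, host, port):
    """Ask the proxy for a tunnel; fail closed on anything but 2xx."""
    sock.sendall(connect_request(host, port))
    status = read_status(sock)
    if not 200 <= status < 300:
        raise ConnectionError("proxy refused CONNECT with status %d" % status)
    return sock

def wrap_tls(sock, host):
    """Handshake over the tunnel; the certificate must match the CM host, not the proxy."""
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)

def demo(reply):
    """Run open_tunnel against a constructed in-process proxy that sends `reply`."""
    client, proxy = socket.socketpair()
    seen = []
    def fake_proxy():
        data = b""
        while b"\r\n\r\n" not in data:
            data += proxy.recv(1024)
        seen.append(data)
        proxy.sendall(reply)
    worker = threading.Thread(target=fake_proxy)
    worker.start()
    try:
        open_tunnel(client, "cm.example.org", 5281)  # constructed host and port
        ok = True
    except ConnectionError:
        ok = False
    worker.join(); client.close(); proxy.close()
    return ok, seen[0]
```

In real use `wrap_tls(open_tunnel(sock, host, port), host)` is called on a socket already connected to the proxy, and a handshake or verification error is surfaced to the caller.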
1 comment:
I'm really glad you're doing this, keep up the good job.
I can't wait for this to get merged into Gajim trunk.