Add secure method to tcp socket for firefox #12
Conversation
|
FYI, this pull request is also related to freedomjs/freedom#92 (freedom interface) and freedomjs/freedom-typescript-api#19 (typescript API update) |
| } | ||
| this.clientSocket = new ClientSocket(); | ||
| this.clientSocket.setOnDataListener(this._onData.bind(this)); | ||
| this.clientSocket.connect(this.hostname, this.port, true); |
There was a problem hiding this comment.
Does this continue the existing TCP session, or start a new one? It looks like it makes a new connection to the host/port.
There was a problem hiding this comment.
It continues the existing TCP session. The firefox API is weird and unlike in Chrome you don't get a unique socket identifier which you can upgrade to TLS, nor is there a socket object with any upgradeToTls method. Instead it appears to keep a mapping from hostname/port to a socket which can be upgraded to tls by creating a new nsISocketTransport object (not necessarily the same as creating a new connection) with type 'starttls'.
We will need to test this in the future and make sure it doesn't result in weird race conditions if we have 2 pieces of code both trying to connect to the same hostname/port and do a starttls flow (e.g. if there are 2 instances of a GTalk social provider that are both trying to connect to GTalk at the same time with different logins)
There was a problem hiding this comment.
seems worth a comment.
On Tue, Aug 12, 2014 at 8:51 AM, dborkan notifications@github.com wrote:
In providers/tcp_socket.js:
- this.port = port;
- continuation();
+};
+// TODO: handle failures.
+Socket_firefox.prototype.secure = function(continuation) {
- if (!this.hostname || !this.port || !this.clientSocket) {
- continuation(undefined, {
"errcode": "SOCKET_NOT_CONNECTED","message": "Cannot Secure Not Connected Socket"- });
- return;
- }
- this.clientSocket = new ClientSocket();
- this.clientSocket.setOnDataListener(this._onData.bind(this));
- this.clientSocket.connect(this.hostname, this.port, true);
It continues the existing TCP session. The firefox API is weird and unlike
in Chrome you don't get a unique socket identifier which you can upgrade to
TLS, nor is there a socket object with any upgradeToTls method. Instead it
appears to keep a mapping from hostname/port to a socket which can be
upgraded to tls by creating a new nsISocketTransport object (not
necessarily the same as creating a new connection) with type 'starttls'.We will need to test this in the future and make sure it doesn't result in
weird race conditions if we have 2 pieces of code both trying to connect to
the same hostname/port and do a starttls flow (e.g. if there are 2
instances of a GTalk social provider that are both trying to connect to
GTalk at the same time with different logins)—
Reply to this email directly or view it on GitHub
https://github.com/freedomjs/freedom-for-firefox/pull/12/files#r16121843
.
|
Just added a test for starttls, PTAL |
|
👍 |
Add secure method to tcp socket for firefox
Adding a secure method to tcp socket for firefox.
Firefox sockets can be upgraded to TLS using by calling nsISocketTransportService.createTransport with type 'starttls' and the same hostname and port as an existing insecure tcp socket. Documentation is here: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsISocketTransportService#createTransport()
Tested by connecting to chat.facebook.com on port 5222, then upgrading the socket to TLS, and verifying we get prompted with a challenge from facebook in response.