Unencrypted support connections plus proxy support #32

Thaodan · 2022-09-25T06:01:20Z

Contributes to Purple-Rocket Chat behind SSL-ClientAuthentication #30.

Thaodan · 2022-09-27T06:44:59Z

Everything works now except that in Bitlbee the select encryption option somehow doesn't work, have to check.

Thaodan · 2022-09-27T09:38:01Z

Works now in Bitlbee too, Bitlbee didn't like the reverse option list.

EionRobb · 2022-09-27T09:38:43Z

Might also want to check that all the tabs didn't turn into spaces before you mark it as ready to merge :)

Thaodan · 2022-09-27T10:09:11Z

Might also want to check that all the tabs didn't turn into spaces before you mark it as ready to merge :)

Fixing that right now.

Are you open to adding editorconfig to the repo to avoid such issues in the future?

EionRobb · 2022-09-27T10:35:17Z

Are you open to adding editorconfig to the repo to avoid such issues in the future?

Sounds good :)

librocketchat.c

EionRobb · 2022-09-28T07:23:24Z

librocketchat.c

-
+
+	if (ya->websocket_server != ya->server) {
+		host = g_strdup(ya->websocket_server);


Does this leak the memory of the old host? Need g_free(host) before assign?

Do I need to do so? host is just a plain char array without malloc created in the purple function.

librocketchat.c

EionRobb · 2022-09-28T07:25:33Z

librocketchat.c

+	if (ya->websocket != NULL)
+		purple_ssl_close(ya->websocket);
+	else if (ya->fd > 0) {
+		if (ya->pc->inpa)


is pc->inpa exposed through a function rather than direct struct access? If so can we use that func for forwards compatibility?

Purples Jabber plugin also uses the same way to access pc. The pc is part of the account structure, I'm not sure how that would change with Purple 3.x but I don't see any of that so far.

Purple 3 makes all the eg PurpleConnection and PurpleAccount structs private

Oh it seams I should have used ya->inpa instead.
Purple 3.x would do g_source_remove(ya->inpa).

I kept that part as Purple 2.x does it the same for Jabber.
The Purple 3.x section would look differently anyway..

The plugin "uses" purple_ssl_connect for Purple 3.x however this has been removed and replaced by Gio.
E.g. see here:
https://keep.imfreedom.org/pidgin/pidgin/file/tip/libpurple/protocols/jabber/jabber.c#l686

I would favor to merge this section as is and the Purple 3.x support should be fixed in another PR (#33).

librocketchat.c

EionRobb · 2022-09-28T07:29:53Z

librocketchat.c

+                                            "connection_security", encryption_values);
+	account_options = g_list_append(account_options, option);
+
+	option = purple_account_option_string_new(N_("Proxy"), "proxy", "");


There's proxy options available in the libpurple api that can be used instead from the proxy tab using the PurpleProxyInfo stuff in purple_proxy_get_setup() https://docs.imfreedom.org/pidgin2/proxy_8h.html#a6995e6f63718dcd8644b9d4ef471392a if that makes things easier?

The thing is that isn't really a "proxy", it's more like using another host instead of the real host.
It works by using either stunnel or socat as an ssl proxy - both work fine from my tests.

I'm not sure, does using purple_proxy_get_setup() set anything else?

Oh right! This is so you can add in the client cert? Just putting 2 and 2 together now. With a label like "proxy" I wouldn't want anyone to get tripped up with the other Proxy tab.

Naming stuff is hard.

What about "intermediate server"?

What about "intermediate server"?

Isn't that also a proxy? I think proxy is accurate.

Oh right! This is so you can add in the client cert? Just putting 2 and 2 together now. With a label like "proxy" I wouldn't want anyone to get tripped up with the other Proxy tab.

Yes this and the unencrypted connection so there's no SSL twice.

EionRobb · 2022-09-28T07:31:05Z

Awesome stuff!

- Always initialize variables, ping_frame_len was uninitialized in some cases. - Remove redundant else after if websocket closed switch to goto try_reconnect section. - Handle also errno EINPROGRESS and ENOENT - Indent Signed-off-by: Björn Bidar <[email protected]>

- Abstract all operations that affect sockets into small wrappers - Initialize either TLS or proxy connection depending on the setting Signed-off-by: Björn Bidar <[email protected]>

The option allows the use of a proxy server that is used instead of the real server. Since the real server is still needed inside `rc_socket_upgrade()` we still have to keep it for that. Signed-off-by: Björn Bidar <[email protected]>

Read below for more: https://editorconfig.org/ Signed-off-by: Björn Bidar <[email protected]>

g_memdump is deprecated in glib 2.68.0. Signed-off-by: Björn Bidar <[email protected]>

Signed-off-by: Björn Bidar <[email protected]>

Thaodan force-pushed the thaodan/connection_improvements branch 4 times, most recently from 2810565 to f3798c1 Compare September 27, 2022 06:44

Thaodan force-pushed the thaodan/connection_improvements branch 2 times, most recently from 1010377 to e67378f Compare September 27, 2022 09:36

EionRobb marked this pull request as draft September 27, 2022 09:39

Thaodan force-pushed the thaodan/connection_improvements branch from e67378f to 1dfbaf3 Compare September 27, 2022 10:08

Thaodan changed the title ~~WIP: Unencrypted support connections plus proxy support~~ Unencrypted support connections plus proxy support Sep 27, 2022

Thaodan force-pushed the thaodan/connection_improvements branch from b240888 to 463b195 Compare September 27, 2022 13:51

Thaodan marked this pull request as ready for review September 27, 2022 16:41