I recently started looking into GLib TLS implementation written by Dan Winship. As a reflex, I tried to merge it into my proxy branch. Things did not go so well, not because the branches are wrong, but because they both need similar features inside GIO. This is a good lesson for me, I should have been more careful to what Dan was doing.
So I decided to restart my analyses with both features together (Proxy and TLS). I’m far from being done but I’d like to share my findings so far. Let’s start with a simplified representation of a “normal” network connection.
The goal with that little timeline was to prove myself that both features fits well together. Some may notice that this is exactly what would happen if you connect through SOCKSv5 to an XMPP server doing TLS auto-negotiation. This use case is important for me since I would like to remove TLS code from Wocky (Telepathy Gabble XMPP stack) and use GLib in the future.
That’s all very interesting but where’s the problem ? Well the thing is that both proxy and TLS handshake requires information about the original destination address. For proxy handshake, we have to send the original hostname and port to the proxy server. For proxy protocol like HTTP, you need to know the destination protocol in order to decide if you leave the connection as-is (e.g HTTP, Gopher and FTP) or if you have to use HTTP Connect method. For TLS handshake, you need to check server certificate against the original destination address (not against the proxy server address). You also need to take in consideration the scheme if an URI was used to connect.
On proxy side, the implementation is using the GProxyAddress (a subclass of GSocketAddress). It is used to memorize the destination hostname and port. On TLS side a method get_name() was added to GSocketConnectable interface. The first thing I told myself when I started writing this was: Why a program can’t just remember that information ? Well the answer is that in both cases this information might be acquired dynamically during the address enumeration. As an example, if you use GNetworkService class, you will never know what hostname was really used since the returned GSocketAddress does not contain it.
Basically, this is what I need to work on to pursue my way trough a more complete network stack in GLib (and get Proxy/TLS support from GLib in Telepathy Gabble ;)).