Age | Commit message (Collapse) | Author |
|
This allows to authenticate using SASL EXTERNAL over BOSH
using a client TLS certificate for the HTTPS connection of
the BOSH channel.
The implementation also enforces the HTTPS server certificate
of subsequent BOSH connections not to change.
This commit also removes TLSConnection and TLSConnectionFactory
as no code is using them.
Test-Information:
Tested against M-Link 16.3v6-0 on Debian 7.9 and Swift on
OS X 10.10.5. Verified working client certificate authentication.
Verified Swift not falling back to password-based authentication,
in case EXTERNAL is not allowed by the server over BOSH or
the client certificate is invalid.
Change-Id: Ia96bcac27cac9fc9261ed847c82c6328307bfbd1
|
|
This patch fixes the code to handle HTTP/1.0 proxies which
do not keep the connection alive after a single request.
If a HTTPTrafficFilter returns a new header reply, the HTTP
CONNECT proxy code will issue the request over a new connection.
The final connection is kept alive, as it used for the
persistent connection forwarding.
In addition, the response status line is now passed to the
HTTPTrafficFilter handling method to provide ability to act
upon the response status code.
Missing passthrough of the HTTPTrafficFilter object the down
the stack to the HTTPConnectProxiedConnection is added.
Test-Information:
Added a unit test following an NTLM HTTP proxy authentication
with a static HTTPTrafficFilter. This and other unit tests
still pass.
Change-Id: Ida0d1aec08a60f10c1480e1eecaecbd3f87b0dca
|
|
Some servers have very restrictive TLS stacks that respond badly
to a bug in the SChannel TLS implementation, meaning that TLS
has to be limited to 1.0.
Add ClientOptions.tlsOptions. This is a method of passing options into
the TLS stack. It's currently
only used for the TLS 1.0 workaround in SChannel, but we might reasonably
expose other options in the future, such as limiting cypher suites.
Disables use of SSLv3 for SChannel
Also updates the coding style in SchannelContext a bit.
Test-Information:
Compiles on both OS X and Windows(SChannel). OS X doesn't show the new
option. Windows shows it, and remembers it between logins. Not tested
against a server requiring 1.0 only, but a previous hack with the
same approach was tested.
Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
|
|
This fix lets HTTPConnectProxiedConnection buffer response data in
pieces until the end of the HTTP header is reached. Only then it will
try to parse the HTTP header.
This is *not* the HTTP chunked transfer encoding.
Test-Information:
Adjusted one test to respond in pieces and added a new test case that
verifies that response data is buffered.
Change-Id: Icfb987bdf2fc5771401a8a9c6979fa9ad1eebdca
|
|
This patch adds HTTPTrafficFilter and integrates it into
HTTPConnectProxiedConnection. This allows the HTTP CONNECT proxy
initialization process to be customized.
Test-Information:
Added a unit test that verifies the new functionality.
Change-Id: I0b93c319fb205487b8be65717276cd0dd38851a3
|
|
Change-Id: I94ab4bbb68c603fe872abeb8090575de042f5cb4
|
|
The Connector class had "_xmpp-client._tcp." hard-coded in it, which meant
that it was not suitable for non-XMPP clients.
This change means that the Connector can now be used by clients who
are interested in arbitrary SRV records; the CoreClient class is updated
accordingly.
Test-information:
Built and ran Swift - seems to work as expected
Ran unit-tests ("scons test=unit") - reports OK
Change-Id: I0fea9aa90f5d1d5e3a4b90f3362b663fe9d8e207
|
|
Change-Id: I33c55c300c9b387e87b2af7e08c59973ee5678fc
|
|
Fix sign conversion warnings.
Removing heavy unnecessary includes.
Change-Id: I992f43065498823098a875badb020c7c84fc4797
|
|
Change-Id: I6c3dfe548b1e0a4ccba0dd834447e5fa40e397d6
|
|
Also fixes use of getPort() so that HTTP headers aren't all for port :1.
Change-Id: I8ead8a7f4826d1105bf1feafea21e6139e803de7
Resolves: #1178
|
|
Resolves: #962
|
|
|
|
|
|
Resolves: #1030
|
|
|
|
|
|
|
|
|
|
This adds support for BOSH to Swiften. It does not expose it to Swift.
Release-Notes: Swiften now allows connects over BOSH, if used appropriately.
|
|
This should avoid unnecessary copying of the received data
while being processed by the event loop.
|
|
License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php
|
|
|
|
|
|
|
|
|
|
This connector will be useful for fallbacks in case of proxies.
|
|
|
|
|
|
The event loop now needs to be explicitly passed to clients
using it.
|
|
|
|
Resolves: #588
|
|
Resolves: #346
|
|
|
|
Resolves: #305
|
|
|
|
|
|
|
|
Resolves: #87.
|
|
|
|
|
|
This means we can now move them to a separate thread.
|
|
Connections now fallback on other DNS entries upon failure,
taking into account SRV priorities.
|
|
|
|
|
|
|