Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use native chrome ssl sockets #433

Open
wants to merge 1 commit into
base: master
from

Conversation

@alexgartrell
Copy link

commented Aug 5, 2019

This looks pretty similar to a change by @flackr, but submitting anyway in case there's something I'm missing.

Previously, we relied on a pure javscript ssl implementation called forge
for secure sockets. This had a couple of significant downsides:

  1. Certificate Authentication via your trusted CA (or any CA) didn't work
  2. Name verification wasn't enabled

As a result, secure sockets were not secure.

This solves the problem by using the (present since Chrome 38) secure
socket support. This gives you all of the TLS certificate authentication
goodness of chrome for free. As a plus, it's also a relatively simple
change, so I was able to delete most of the logic for ssl and just add a
separate callback for pre secure connect.

Alex Gartrell
Use native chrome ssl sockets
Previously, we relied on a pure javscript ssl implementation called forge
for secure sockets. This had a couple of significant downsides:
1. Certificate Authentication via your trusted CA (or any CA) didn't work
2. Name verification wasn't enabled

As a result, secure sockets were not secure.

This solves the problem by using the (present since Chrome 38) secure
socket support. This gives you all of the TLS certificate authentication
goodness of chrome for free. As a plus, it's also a relatively simple
change, so I was able to delete most of the logic for ssl and just add a
separate callback for pre secure connect.
@flackr

This comment has been minimized.

Copy link
Owner

commented Aug 6, 2019

As you pointed out I have a similar change https://github.com/flackr/circ/tree/chrome-sockets-tcp-secure. The issue I found when trying this is that chrome.socket requires additional attestation which fails on many SSL irc servers. For example, when connecting to freenode:

/server chat.freenode.net +6697
Socket Error: failed to secure socket: net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED (error 110)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.