Add ALPN Support

2018-01-03 22:09:33 +01:00 · 2018-01-03 22:09:33 +01:00 · 32e873e6eb
parent b1d45ec008
commit 32e873e6eb
2 changed files with 20 additions and 6 deletions
--- a/gajim/common/connection.py
+++ b/gajim/common/connection.py
@ -63,6 +63,7 @@ from gajim.common import passwords
 from gajim.common import exceptions
 from gajim.common import check_X509
 from gajim.common.connection_handlers import *
+from gajim.common.helpers import version_condition

 from gajim.gtkgui_helpers import get_action

@ -1079,9 +1080,9 @@ class Connection(CommonConnection, ConnectionHandlers):
        # SRV resolver
        self._proxy = proxy
        self._hosts = [
-            {'host': h, 'port': p, 'type': 'tls', 'prio': 10, 'weight': 10},
-            {'host': h, 'port': ssl_p, 'type': 'ssl', 'prio': 10, 'weight': 10},
-            {'host': h, 'port': p, 'type': 'plain', 'prio': 10, 'weight': 10}
+            {'host': h, 'port': p, 'type': 'tls', 'prio': 10, 'weight': 10, 'alpn': False},
+            {'host': h, 'port': ssl_p, 'type': 'ssl', 'prio': 10, 'weight': 10, 'alpn': False},
+            {'host': h, 'port': p, 'type': 'plain', 'prio': 10, 'weight': 10, 'alpn': False}
        ]
        self._hostname = hostname

@ -1110,9 +1111,11 @@ class Connection(CommonConnection, ConnectionHandlers):
        for record in result:
            service = host[1:]
            if service.startswith(SERVICE_START_TLS):
+                record['alpn'] = False
                self._append_srv_record(record, 'tls')
                self._append_srv_record(record, 'plain')
            elif service.startswith(SERVICE_DIRECT_TLS):
+                record['alpn'] = True
                self._append_srv_record(record, 'ssl')

        self._num_pending_srv_records -= 1
@ -1209,8 +1212,13 @@ class Connection(CommonConnection, ConnectionHandlers):
            'tls_version')
        cipher_list = app.config.get_per('accounts', self.name,
            'cipher_list')
-        secure_tuple = (self._current_type, cacerts, mycerts, tls_version,
-            cipher_list)
+
+        if version_condition(nbxmpp.__version__, '0.6.3'):
+            secure_tuple = (self._current_type, cacerts, mycerts, tls_version,
+                            cipher_list, self._current_host['alpn'])
+        else:
+            secure_tuple = (self._current_type, cacerts, mycerts, tls_version,
+                            cipher_list)

        con = nbxmpp.NonBlockingClient(
            domain=self._hostname,
@ -1244,7 +1252,7 @@ class Connection(CommonConnection, ConnectionHandlers):
            on_connect_failure=self._connect_to_next_host,
            on_stream_error_cb=self._StreamCB,
            proxy=self._proxy,
-            secure_tuple = secure_tuple)
+            secure_tuple=secure_tuple)

    def log_hosttype_info(self, port):
        msg = '>>>>>> Connecting to %s [%s:%d], type = %s' % (self.name,
--- a/gajim/common/helpers.py
+++ b/gajim/common/helpers.py
@ -44,6 +44,7 @@ from gajim.common import caps_cache
 import socket
 import time
 from datetime import datetime, timedelta, timezone, tzinfo
+from distutils.version import LooseVersion as V

 from encodings.punycode import punycode_encode
 from string import Template
@ -1586,3 +1587,8 @@ def download_image(account, attrs):
    if proxy and proxy['type'] in ('http', 'socks5'):
        return _get_img_proxy(attrs, proxy)
    return _get_img_direct(attrs)
+
+def version_condition(current_version, required_version):
+    if V(current_version) < V(required_version):
+        return False
+    return True