Implement chrome.sockets.tcp.secure

[tanx]

Good news. Chrome socket is getting native TLS support in Chrome 38: https://developer.chrome.com/apps/socket#method-secure

We have gone ahead and added support to our tcp-socket shim and tested this in chrome canary: https://github.com/whiteout-io/tcp-socket/blob/7f88ffe0ce5f33a22a1489f3bcaa2e9d0bd6474d/src/tcp-socket.js#L247

It would be great to see this api come to iOS/Android as well since native TLS would obviously be much faster and battery conserving.

Thanks!

[mmocny]

Interesting, considering that chrome.socket is deprecated as of 33. My guess is that we will just put effort into the new chrome.sockets api starting September.

[tanx]

Ok good to know. We'll migrate to the new api too then.

[mmocny]

If you are looking for a wildly inaccurate estimate, I'd say end of Sept we'll have something for chrome.sockets.

[tanx]

Great thanks!

[mmocny]

@oahziur FYI. chrome.sockets.tcp equivalent: https://developer.chrome.com/apps/sockets_tcp#method-secure

[felixhammerl]

@mmocny do you know about this? https://code.google.com/p/chromium/issues/detail?id=132896
the sockets.tcp.secure api does not seem to be functional in chrome ...

EDIT:
see this tweet and the replies: https://twitter.com/felixhammerl/status/522802068189622273
so now we're kind of stuck in between two apis of which none work on all of the devices... do you have any thoughts how to address this situation? any ideas are highly welcome :)

[felixhammerl]

i added chrome.sockets.tcp support to our tcp-socket abstraction: emailjs/emailjs-tcp-socket#13
since this thing is broken in chrome, it would be nice to have a testbed in ios ;) :)

[oahziur]

@felixhammerl A workaround for https://code.google.com/p/chromium/issues/detail?id=403076 is calling setPaused(sockId, true) before making a tcp connection, upgrading to ssl, and then setPaused(sockId, false)

Here is a sample test on chrome

mobile-chrome-apps/chrome-cordova/chrome-apps-api-tests/tests/auto/test.chrome.sockets.tcp.js

Line 259 in 8292575

it('TCP secure get https website', function(done) {

[felixhammerl]

ok, that might work for TLS.
but in the STARTTLS use case, the socket does not pause/abort a pending read :(

[felixhammerl]

@oahziur any ideas on how to handle the pending read in the STARTTLS use case?

[oahziur]

@felixhammerl I didn't know any good solution for STARTTLS now (both for Chrome Desktop and iOS).

However, I found that the pending read can be consumed by receiving some data after paused, and the receive event will also be called. If you setPaused before sending STARTTLS, the pending read will be handled. For example,

function trySTARTTLS() {
  var receiveCounter = 0;
  var startTLSReceiver = function(info) {
    receiveCounter++;

    if (receiveCounter == 2) {
      chrome.sockets.tcp.setPaused(info.socketId, true);
      chrome.sockets.tcp.send(info.socketId, stringToArrayBuffer('STARTTLS\r\n'), function(result) {
      });
    } else if (receiveCounter == 3) { // Ready To Start STL Response
      chrome.sockets.tcp.secure(info.socketId, {tlsVersion: {min: 'ssl3', max: 'tls1.2'}}, function(result) {
        logger('secure result: ' + result);
      });
    }
  }
  var addr = 'smtp.gmail.com';
  var port = 25;
  chrome.sockets.tcp.onReceive.addListener(startTLSReceiver);
  chrome.sockets.tcp.create(function(createInfo) {
    chrome.sockets.tcp.connect(createInfo.socketId, addr, port, function(result) {
      chrome.sockets.tcp.send(createInfo.socketId, stringToArrayBuffer('HELO me.com\r\n'), function(result) {
      });
    });
  });
}

I have tested this on Google Chrome 39.0.2171.27 (Official Build) beta. This won't work on iOS for now, since the plugin won't send received data after paused.

[felixhammerl]

ok, interesting...
is there any timeline when this PR is merged, or are you waiting to merge this pull request until the bug is fixed?

[oahziur]

The secure PR has been merged into master. TLS should work for both iOS and Android with setPaused(sockId, true) before making a connection. STARTTLS works for Android only (no pause needed). I will see how chrome desktop fix the bug and try to fix the iOS.

[felixhammerl]

that sounds awesome! i'm looking forward to when we have native tls on all platforms 👍
since we depend on STARTTLS for IMAP/SMTP, we'll stick with forge for handling TLS for the time being.

[felixhammerl]

are there any updates on this?

[oahziur]

@felixhammerl I am waiting on the fix of Chrome desktop, #18 of (https://code.google.com/p/chromium/issues/detail?id=403076)

[felixhammerl]

i already asked this on twitter, apparently the issue has been silently purged? can you confirm this? is google abandoning tcp sockets in chrome apps?

[mmocny]

I think it was a mistake. I've posted a question about it. Not sure what's
up.

On Fri, 27 Feb 2015 15:42 Felix Hammerl notifications@github.com wrote:

i already asked this on twitter
https://twitter.com/felixhammerl/status/571325009693507584, apparently
the issue has been silently purged? can you confirm this? is google
abandoning tcp sockets in chrome apps?

—
Reply to this email directly or view it on GitHub
#269 (comment)
.

[tanx]

Any update on the chrome.sockets.tcp.secure bug?

The chromium issue url (https://code.google.com/p/chromium/issues/detail?id=403076) seems to be broken. But it's still visible in the chromium-bugs google group:

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-bugs/i9qykTWzj6g

This has been a problem for us a while now, since we can't switch to the native TLS stack on iOS and android because of it. We already bugged Matt Gaunt from the Chrome Team when he was in Munich (https://twitter.com/tankredhase/status/573243929333776384). It would be great if someone from the CCA team could also drive this issue from your side :/

thanks

[agrieve]

Thanks for the poke.

Seems its disappearance was in fact a mistake done by an unhelpful bot. I've created a new (public) issue to continue tracking the status of it:
https://code.google.com/p/chromium/issues/detail?id=467677

We'll hopefully get an update about the status soon.

Going to mark this issue as closed since secure was actually implemented on iOS and Android, but feel free to open a new issue for things.

[tanx]

Ok thanks. I have opened a new issue to track the progress: #532

[felixhammerl]

this is a monthly ping to @agrieve and @oahziur about this issue, given that it is now 7 months old ...