flackr / circ

An IRC packaged chrome app
BSD 3-Clause "New" or "Revised" License
388 stars 79 forks

Use native chrome ssl sockets #433

Open alexgartrell opened 4 years ago

alexgartrell commented 4 years ago

This looks pretty similar to a change by @flackr, but submitting anyway in case there's something I'm missing.

Previously, we relied on a pure JavaScript SSL implementation called forge for secure sockets. This had a couple of significant downsides:

  1. Certificate Authentication via your trusted CA (or any CA) didn't work
  2. Name verification wasn't enabled

As a result, secure sockets were not secure.

This solves the problem by using the (present since Chrome 38) secure socket support. This gives you all of the TLS certificate authentication goodness of chrome for free. As a plus, it's also a relatively simple change, so I was able to delete most of the logic for ssl and just add a separate callback for pre secure connect.

flackr commented 4 years ago

As you pointed out, I have a similar change: https://github.com/flackr/circ/tree/chrome-sockets-tcp-secure. The issue I found when trying this is that chrome.socket requires additional attestation which fails on many SSL IRC servers. For example, when connecting to freenode:

/server chat.freenode.net +6697
Socket Error: failed to secure socket: net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED (error 110)
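
The sequence this pull request describes (open the TCP socket, run a pre-secure-connect step, then hand TLS to Chrome's native stack) is sketched below as an added example; it is not code from the circ repository or from either commenter. `secureConnect`, `makeStubTcp`, `demo` and the host `irc.example.net` are hypothetical, and `tcp` is assumed to be `chrome.sockets.tcp` when run inside a Chrome App; the stub exists only so the flow runs outside Chrome.

```javascript
// Added example: `tcp` is chrome.sockets.tcp in a Chrome App (assumption).
// secureConnect, makeStubTcp and demo are hypothetical names, not circ code.
function secureConnect(tcp, host, port, done) {
  tcp.create({}, function (info) {
    var id = info.socketId;
    // Fail closed: on any error the socket is closed, never reused as plaintext.
    function fail(step, code) {
      tcp.close(id, function () {
        done(new Error(step + ' failed (result ' + code + ')'), null);
      });
    }
    // Pause first so no bytes are read before the TLS handshake completes.
    tcp.setPaused(id, true, function () {
      tcp.connect(id, host, port, function (result) {
        if (result < 0) return fail('connect', result);
        // Chrome's own TLS stack does certificate authentication in this step
        // (per the pull request description); a non-zero result is an error.
        tcp.secure(id, {}, function (secureResult) {
          if (secureResult !== 0) return fail('secure', secureResult);
          // Only now let application (IRC) data flow.
          tcp.setPaused(id, false, function () { done(null, id); });
        });
      });
    });
  });
}

// Constructed stand-in for chrome.sockets.tcp so the flow runs under Node.
function makeStubTcp(secureResult) {
  var calls = [];
  return {
    calls: calls,
    create: function (props, cb) { calls.push('create'); cb({ socketId: 1 }); },
    setPaused: function (id, paused, cb) { calls.push('setPaused:' + paused); cb(); },
    connect: function (id, h, p, cb) { calls.push('connect'); cb(0); },
    secure: function (id, opts, cb) { calls.push('secure'); cb(secureResult); },
    close: function (id, cb) { calls.push('close'); cb(); }
  };
}

// Runs the flow against the stub and returns the outcome and the call order.
function demo(secureResult) {
  var tcp = makeStubTcp(secureResult), out = { err: undefined, socketId: undefined };
  secureConnect(tcp, 'irc.example.net', 6697, function (err, id) {
    out.err = err; out.socketId = id;
  });
  out.calls = tcp.calls;
  return out;
}
```

When the handshake is rejected, as in the error quoted above, the caller receives an `Error` and the socket has already been closed, so there is no path that silently continues over an unauthenticated connection.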