Simplex.Messaging.Transport.Client
TLS client connection setup: TCP/SOCKS5 connection, TLS handshake, certificate validation, host types.
Source: Transport/Client.hs
ConnectionHandle — three-stage cleanup
ConnectionHandle has three constructors: CHSocket (raw socket), CHContext (TLS context), CHTransport (transport connection). An IORef holds the current handle, updated by set on each successful transition. The E.bracket cleanup function tears down the connection at whatever stage it reached.
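The staged-cleanup pattern described above, as an added sketch that is not the project's own code. The constructors carry only string labels instead of a real socket, TLS context and transport, and `closeHandle`, `connect` and the `failAt` parameter are hypothetical names introduced for illustration.

```haskell
{-# LANGUAGE LambdaCase #-}
module Main where

import Control.Exception (ErrorCall (..), bracket, throwIO, try)
import Control.Monad (when)
import Data.IORef

-- Stand-ins for the real resources: each stage only carries a label (assumption).
data ConnectionHandle = CHSocket String | CHContext String | CHTransport String

-- Tear down whatever stage the connection reached, recording the action taken.
closeHandle :: IORef [String] -> Maybe ConnectionHandle -> IO ()
closeHandle out = \case
  Nothing -> record "nothing to close"
  Just (CHSocket s) -> record ("close socket " <> s)
  Just (CHContext c) -> record ("close TLS context " <> c)
  Just (CHTransport t) -> record ("close transport " <> t)
  where
    record msg = modifyIORef' out (<> [msg])

-- Run the three stages, optionally failing just before stage 1, 2 or 3.
-- bracket runs the cleanup on both the failure and the success path.
connect :: IORef [String] -> Maybe Int -> IO String
connect out failAt =
  bracket (newIORef Nothing) (\ref -> readIORef ref >>= closeHandle out) $ \ref -> do
    let set h = writeIORef ref (Just h) -- called only after a stage succeeds
        stage n name = when (failAt == Just n) $ throwIO (ErrorCall (name <> " failed"))
    stage 1 "TCP connect"
    set (CHSocket "sock")
    stage 2 "TLS handshake"
    set (CHContext "tls")
    stage 3 "transport setup"
    set (CHTransport "transport")
    pure "connected" -- the caller's use of the connection would run here

main :: IO ()
main = mapM_ run [Just 1, Just 2, Just 3, Nothing]
  where
    run failAt = do
      out <- newIORef []
      r <- try (connect out failAt) :: IO (Either ErrorCall String)
      cleanup <- readIORef out
      putStrLn (show failAt <> ": " <> either show id r <> " -> " <> show cleanup)
```

Because the handle is written only after a transition succeeds, a failed TLS handshake leaves the reference at the socket stage, so the cleanup closes the socket and never touches a TLS context that was not established.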
SocksIsolateByAuth
SocksIsolateByAuth is the default SOCKS authentication mode. When active, Simplex.Messaging.Client generates SOCKS credentials (SocksCredentials sessionUsername "") where sessionUsername is B64.encode $ C.sha256Hash $ bshow userId <> ... with additional components based on sessionMode (TSMUser, TSMSession, TSMServer, TSMEntity).
The three modes defined here: SocksAuthUsername (explicit credentials), SocksAuthNull (no auth, @ prefix), SocksIsolateByAuth (empty string — credentials generated by the caller).
validateCertificateChain
Validation checks the SHA-256 fingerprint of the identity certificate (extracted via chainIdCaCerts — see Shared.md) against the key hash. If the fingerprint doesn't match, the chain is rejected with UnknownCA. If the fingerprint matches, standard X.509 validation is performed using the CA certificate as trust anchor.
No TLS timeout for client connections
The code comment states: "No TLS timeout to avoid failing connections via SOCKS." transportTimeout is set to Nothing for all client connections via clientTransportConfig.