mirror of
https://github.com/simplex-chat/simplexmq.git
synced 2026-04-26 19:35:14 +00:00
24 lines
1.8 KiB
Markdown
# Simplex.Messaging.Transport.Client
> TLS client connection setup: TCP/SOCKS5 connection, TLS handshake, certificate validation, host types.
**Source**: [`Transport/Client.hs`](../../../../../src/Simplex/Messaging/Transport/Client.hs)
## ConnectionHandle — three-stage cleanup
`ConnectionHandle` has three constructors: `CHSocket` (raw socket), `CHContext` (TLS context), `CHTransport` (transport connection). An `IORef` holds the current handle, updated by `set` on each successful transition. The `E.bracket` cleanup function tears down the connection at whatever stage it reached.
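The cleanup pattern described above, reduced to a self-contained sketch. This is an added example, not the code in `Transport/Client.hs`: the `Socket`, `Context` and `Transport` stand-ins, `closeHandle`, `connect` and the `failAt` parameter are assumptions made for illustration.

```haskell
{-# LANGUAGE LambdaCase #-}
import qualified Control.Exception as E
import Data.IORef

-- Stand-ins for the real resources (assumptions, not the project's types).
newtype Socket = Socket String
newtype Context = Context String
newtype Transport = Transport String

data ConnectionHandle = CHSocket Socket | CHContext Context | CHTransport Transport

-- Tear down whatever stage was reached; actions are recorded instead of performed.
closeHandle :: IORef [String] -> Maybe ConnectionHandle -> IO ()
closeHandle logRef = \case
  Nothing -> note "nothing to close"
  Just (CHSocket (Socket s)) -> note ("close raw socket " <> s)
  Just (CHContext (Context c)) -> note ("end TLS context " <> c)
  Just (CHTransport (Transport t)) -> note ("close transport " <> t)
  where note m = modifyIORef' logRef (m :)

-- failAt picks the stage that throws (0 = none), simulating a failed connect or handshake.
connect :: IORef [String] -> Int -> IO String
connect logRef failAt =
  E.bracket (newIORef Nothing) (\h -> readIORef h >>= closeHandle logRef) $ \h -> do
    let set f a = writeIORef h (Just (f a)) >> pure a -- record each successful transition
        stage n = if n == failAt then E.throwIO (userError ("stage " <> show n)) else pure ()
    stage 1
    _ <- set CHSocket (Socket "tcp")
    stage 2
    _ <- set CHContext (Context "tls")
    stage 3
    Transport t <- set CHTransport (Transport "smp")
    pure ("used " <> t)

main :: IO ()
main = mapM_ run [1, 2, 3, 0]
  where
    run n = do
      logRef <- newIORef []
      r <- E.try (connect logRef n) :: IO (Either E.IOException String)
      cleanup <- readIORef logRef
      putStrLn (show n <> ": " <> either (const "failed") id r <> ", cleanup = " <> show cleanup)
```

Each run performs exactly one cleanup action, matching the last handle written to the `IORef`, so a failure during the TLS stage closes the raw socket rather than leaking it.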
## SocksIsolateByAuth
`SocksIsolateByAuth` is the default SOCKS authentication mode. When active, [Simplex.Messaging.Client](../Client.md) generates SOCKS credentials (`SocksCredentials sessionUsername ""`) where `sessionUsername` is `B64.encode $ C.sha256Hash $ bshow userId <> ...` with additional components based on `sessionMode` (`TSMUser`, `TSMSession`, `TSMServer`, `TSMEntity`).
The three modes defined here: `SocksAuthUsername` (explicit credentials), `SocksAuthNull` (no auth, `@` prefix), `SocksIsolateByAuth` (empty string — credentials generated by the caller).
## validateCertificateChain
Validation checks the SHA-256 fingerprint of the identity certificate (extracted via `chainIdCaCerts` — see [Shared.md](./Shared.md#chainidcacerts--certificate-chain-semantics)) against the key hash. If the fingerprint doesn't match, the chain is rejected with `UnknownCA`. If the fingerprint matches, standard X.509 validation is performed using the CA certificate as trust anchor.
## No TLS timeout for client connections
The code comment states: "No TLS timeout to avoid failing connections via SOCKS." `transportTimeout` is set to `Nothing` for all client connections via `clientTransportConfig`.