Opened 9 months ago

Closed 3 weeks ago

#97 closed enhancement (fixed)

XEP-0368 SRV records for XMPP over TLS

Reported by: pulkomandy Owned by:
Priority: blocker Milestone: 1.26
Version: Keywords:
Cc:

Description

https://xmpp.org/extensions/xep-0368.html

We should look for an SRV record for xmpps-client and if there is one, use it to connect directly using TLS (no need to first open a cleartext connection and then use starttls)

It's possible using ConnectionTLS in gloox but we need to manually check the SRV record to decide to use it. The advantage is faster connection (no need for starttls) and more privacy and resilience to proxy servers (since it's fully TLS, it can go through places where only https is allowed).

Change History (3)

comment:1 by pulkomandy, 3 weeks ago

Type: defect → enhancement

comment:2 by pulkomandy, 3 weeks ago

Priority: blocker

I was a bit confused about how this works, so here are some notes:

  • Given a JID entered in the login window: someone@example.org
  • Extract the domain: example.org
  • Prepend the service name: _xmpp-client._tcp.example.org
  • Request SRV records for that domain: dig +short _xmpps-client._tcp.example.org SRV
  • The response will be something like: 10 0 5223 xmpp.example.org

This is decoded as a priority, weight, port number, and target address.

We should take the reply with the lowest priority, if there are multiple ones, select one randomly depending on the weight (higher weight more likely to be selected), and connect using the given port and domain.

We should check both _xmpps-client and _xmpp-client entries, for the latter, SSL must be established with STARTTLS, for the former we can start directly in SSL, which removes the need for channel binding.

However, we must make sure to use SNI and ALPN to indicate what we are trying to connect to (the idea is to do everything over TCP port 443, and use SSL records to decide what protocol and server is being dialed).

Gloox DNS client already knows how to resolve DNS SRV records, but it uses only the xmpp-client ones. So we need to add the xmpps-client ones, select that one if available, and otherwise use the default connection method.

Last edited 3 weeks ago by pulkomandy
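As an added illustration of the selection rule laid out in this comment (example code, not from the ticket or from gloox): parse dig-style SRV answers, keep the lowest priority, pick among ties in proportion to weight, prefer the _xmpps-client set when it exists, and hand the connection layer the JID domain as SNI with the XEP-0368 ALPN id. The `roll` parameter and the struct/function names are assumptions made so the weighted choice is testable; production code would draw `roll` from a real RNG.

```cpp
#include <algorithm>
#include <cstdint>
#include <sstream>
#include <string>
#include <vector>

// One SRV answer as printed by "dig +short ... SRV": priority weight port target.
struct SrvRecord { unsigned priority, weight, port; std::string target; };

// Parse a dig-style answer line such as "10 0 5223 xmpp.example.org." (sample inputs are constructed).
SrvRecord parseSrv(const std::string& line) {
    SrvRecord r{0, 0, 0, ""};
    std::istringstream in(line);
    in >> r.priority >> r.weight >> r.port >> r.target;
    if (!r.target.empty() && r.target.back() == '.') r.target.pop_back(); // drop trailing root dot
    return r;
}

// Lowest priority wins; among ties, the chance of being picked is proportional to weight.
// `roll` is a caller-supplied random value (an assumption made for testability); feed it
// from a real RNG in production. Returns nullptr when there are no records.
const SrvRecord* selectSrv(const std::vector<SrvRecord>& records, uint64_t roll) {
    if (records.empty()) return nullptr;
    unsigned best = std::min_element(records.begin(), records.end(),
        [](const SrvRecord& a, const SrvRecord& b) { return a.priority < b.priority; })->priority;
    std::vector<const SrvRecord*> tied;
    uint64_t total = 0;
    for (const SrvRecord& r : records)
        if (r.priority == best) { tied.push_back(&r); total += r.weight; }
    if (total == 0) return tied[roll % tied.size()]; // every weight is 0: choose uniformly
    uint64_t cursor = roll % total;
    for (const SrvRecord* r : tied) {
        if (cursor < r->weight) return r;
        cursor -= r->weight;
    }
    return tied.back();
}

// What the connection layer needs. For direct TLS, XEP-0368 sends the JID domain (not the
// SRV target) as SNI and "xmpp-client" as ALPN; the STARTTLS path uses neither here.
struct Endpoint { std::string host; unsigned port; bool directTls; std::string sni, alpn; };

// Prefer _xmpps-client answers (direct TLS); otherwise _xmpp-client (STARTTLS); else the default port.
Endpoint chooseEndpoint(const std::string& domain, const std::vector<SrvRecord>& xmpps,
                        const std::vector<SrvRecord>& xmpp, uint64_t roll) {
    if (const SrvRecord* r = selectSrv(xmpps, roll)) return {r->target, r->port, true, domain, "xmpp-client"};
    if (const SrvRecord* r = selectSrv(xmpp, roll)) return {r->target, r->port, false, "", ""};
    return {domain, 5222, false, "", ""}; // no SRV records at all: RFC 6120 default client port
}
```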

comment:3 by pulkomandy, 3 weeks ago

Milestone: 1.26
Resolution: fixed
Status: new → closed