SSL compatibility mode
tomkiewicz.groups at gmail.com
Mon Oct 15 15:13:22 EDT 2012
I wish, you are not so tired with all my suggestions ;).
I was implementing new HTTP support and I came into a problem: some
servers are not 100% compatible with TLS standard. For example, google
doesn't close its connections gracefully. In such cases, it would be
good to provide "compatibility mode".
I have implemented it , but I have one problem: compatibility mode
can be set after getting PurpleSslConnection pointer. It's OK for
purple_ssl_connect, because after exitting from it, no SSL operations
are performed yet (standard TCP connection is made first, so we have
to wait for connection). But within purple_ssl_connect_with_host_fd,
connectfunc is called before exitting it, so we are not able to set
compatibility level just after initializing TLS session. I have some
- we may not implement support for
gnutls_session_enable_compatibility_mode (see ), leaving just
PURPLE_SSL_COMPATIBILITY_SECURE mode (and fixing google issue)
- we may ignore purple_ssl_connect_with_host_fd in that case (bad idea, I think)
- we may call connectfunc from purple_ssl_connect_with_host_fd in
*next* main loop iteration, with purple_timeout_add(0, ...), allowing
to set compatibility mode before calling connectfunc (I like this the
Please, look though my patch and post any suggestions.
By the way: new HTTP implementation base functionality is now almost ready.
Waiting for comments,
More information about the Devel