SSL compatibility mode

Tomasz Wasilczyk tomkiewicz.groups at gmail.com
Mon Oct 15 15:13:22 EDT 2012


Hi,

I hope you are not too tired of all my suggestions ;).

I was implementing new HTTP support and I ran into a problem: some
servers are not 100% compatible with the TLS standard. For example, Google
doesn't close its connections gracefully. In such cases, it would be
good to provide a "compatibility mode".

I have implemented it [1], but I have one problem: compatibility mode
can be set after getting PurpleSslConnection pointer. It's OK for
purple_ssl_connect, because after exiting from it, no SSL operations
are performed yet (standard TCP connection is made first, so we have
to wait for connection). But within purple_ssl_connect_with_host_fd,
connectfunc is called before exiting it, so we are not able to set
compatibility level just after initializing TLS session. I have some
ideas:

- we may not implement support for
gnutls_session_enable_compatibility_mode (see [1]), leaving just
PURPLE_SSL_COMPATIBILITY_SECURE mode (and fixing the Google issue)

- we may ignore purple_ssl_connect_with_host_fd in that case (bad idea, I think)

- we may call connectfunc from purple_ssl_connect_with_host_fd in
*next* main loop iteration, with purple_timeout_add(0, ...), allowing
to set compatibility mode before calling connectfunc (I like this the
most)

Please look through my patch and post any suggestions.

By the way: new HTTP implementation base functionality is now almost ready.

Waiting for comments,
Tomek

[1] http://pastebin.com/qFYTSWS5
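
The ordering problem and the deferral proposed in the third option above, as an added example that is not part of the original post and is not libpurple code: a constructed one-slot "main loop" in C where every name (struct conn, connect_with_fd, mode_used, conn_close) is a hypothetical stand-in. It also covers a case the deferral introduces, closing the connection before the queued callback has run.

```c
/* Constructed model; all names are hypothetical, not libpurple's API. */
#include <stdio.h>
enum mode { MODE_DEFAULT, MODE_REQUESTED };
struct conn {
    enum mode mode;      /* what the caller configured */
    enum mode used;      /* what the handshake actually ran with */
    int handshake_done;
};
/* One-slot queue standing in for a zero-delay main loop timeout. */
static void (*pending_fn)(struct conn *);
static struct conn *pending_conn;
static void start_handshake(struct conn *c) {
    c->used = c->mode;   /* settings are frozen once the handshake starts */
    c->handshake_done = 1;
}
static void loop_iterate(void) {
    void (*fn)(struct conn *) = pending_fn;
    pending_fn = NULL;
    if (fn) fn(pending_conn);
}
/* Closing must cancel a queued callback, or it would run on a dead conn. */
static void conn_close(struct conn *c) { if (pending_conn == c) pending_fn = NULL; }
/* The socket is already connected: handshake now, or on the next iteration. */
static struct conn *connect_with_fd(struct conn *c, int deferred) {
    c->mode = c->used = MODE_DEFAULT; c->handshake_done = 0;
    if (deferred) { pending_fn = start_handshake; pending_conn = c; }
    else start_handshake(c);
    return c;
}
/* Caller sets the mode right after it gets the pointer back. */
static enum mode mode_used(int deferred) {
    struct conn storage;
    struct conn *c = connect_with_fd(&storage, deferred);
    c->mode = MODE_REQUESTED;
    loop_iterate();
    return c->used;
}
/* Caller closes before the loop runs; the handshake must not fire. */
static int handshake_ran_after_close(void) {
    struct conn storage;
    struct conn *c = connect_with_fd(&storage, 1);
    conn_close(c);
    loop_iterate();
    return c->handshake_done;
}
int main(void) {
    printf("%d %d %d\n", mode_used(0), mode_used(1), handshake_ran_after_close());
    return 0;
}
```

In the synchronous variant the handshake runs with the default mode because the setting arrives too late; in the deferred variant it runs with the requested mode.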



