SSL compatibility mode

[Eion Robb]

You say "For example, google doesn't close its connections
gracefully".  What do you mean by that?  Do you have a capture of
sent/received HTTP request/responses?  Is that when sending the
'Conneciton: close' header, or if it's left out?

Cheers,
Eion

On 16 October 2012 08:13, Tomasz Wasilczyk <tomkiewicz.groups at gmail.com> wrote:
> Hi,
>
> I wish, you are not so tired with all my suggestions ;).
>
> I was implementing new HTTP support and I came into a problem: some
> servers are not 100% compatible with TLS standard. For example, google
> doesn't close its connections gracefully. In such cases, it would be
> good to provide "compatibility mode".
>
> I have implemented it [1], but I have one problem: compatibility mode
> can be set after getting PurpleSslConnection pointer. It's OK for
> purple_ssl_connect, because after exitting from it, no SSL operations
> are performed yet (standard TCP connection is made first, so we have
> to wait for connection). But within purple_ssl_connect_with_host_fd,
> connectfunc is called before exitting it, so we are not able to set
> compatibility level just after initializing TLS session. I have some
> ideas:
>
> - we may not implement support for
> gnutls_session_enable_compatibility_mode (see [1]), leaving just
> PURPLE_SSL_COMPATIBILITY_SECURE mode (and fixing google issue)
>
> - we may ignore purple_ssl_connect_with_host_fd in that case (bad idea, I think)
>
> - we may call connectfunc from purple_ssl_connect_with_host_fd in
> *next* main loop iteration, with purple_timeout_add(0, ...), allowing
> to set compatibility mode before calling connectfunc (I like this the
> most)
>
> Please, look though my patch and post any suggestions.
>
> By the way: new HTTP implementation base functionality is now almost ready.
>
> Waiting for comments,
> Tomek
>
> [1] http://pastebin.com/qFYTSWS5
>
> _______________________________________________
> Devel mailing list
> Devel at pidgin.im
> http://pidgin.im/cgi-bin/mailman/listinfo/devel