SSL compatibility mode
eion at robbmob.com
Mon Oct 15 15:55:56 EDT 2012
You say "For example, google doesn't close its connections
gracefully". What do you mean by that? Do you have a capture of
sent/received HTTP request/responses? Is that when sending the
'Conneciton: close' header, or if it's left out?
On 16 October 2012 08:13, Tomasz Wasilczyk <tomkiewicz.groups at gmail.com> wrote:
> I wish, you are not so tired with all my suggestions ;).
> I was implementing new HTTP support and I came into a problem: some
> servers are not 100% compatible with TLS standard. For example, google
> doesn't close its connections gracefully. In such cases, it would be
> good to provide "compatibility mode".
> I have implemented it , but I have one problem: compatibility mode
> can be set after getting PurpleSslConnection pointer. It's OK for
> purple_ssl_connect, because after exitting from it, no SSL operations
> are performed yet (standard TCP connection is made first, so we have
> to wait for connection). But within purple_ssl_connect_with_host_fd,
> connectfunc is called before exitting it, so we are not able to set
> compatibility level just after initializing TLS session. I have some
> - we may not implement support for
> gnutls_session_enable_compatibility_mode (see ), leaving just
> PURPLE_SSL_COMPATIBILITY_SECURE mode (and fixing google issue)
> - we may ignore purple_ssl_connect_with_host_fd in that case (bad idea, I think)
> - we may call connectfunc from purple_ssl_connect_with_host_fd in
> *next* main loop iteration, with purple_timeout_add(0, ...), allowing
> to set compatibility mode before calling connectfunc (I like this the
> Please, look though my patch and post any suggestions.
> By the way: new HTTP implementation base functionality is now almost ready.
> Waiting for comments,
>  http://pastebin.com/qFYTSWS5
> Devel mailing list
> Devel at pidgin.im
More information about the Devel