SSL compatibility mode

Mark Doliner mark at kingant.net
Sun Apr 14 13:27:40 EDT 2013


On Sat, Nov 24, 2012 at 10:08 AM, Tomasz Wasilczyk
<tomkiewicz.groups at gmail.com> wrote:
> I have just double-checked it, and it seems that this problem is only
> related to gnutls. Mozilla NSS seems not to be that picky and just
> returns EOF in that case.
>
> Anyway, I'm convinced that we shouldn't just ignore that error when
> using gnutls, so the suggested configuration for ssl is still appropriate,
> even if it doesn't do anything with NSS (because it seems to be
> already in "compatibility mode").

If NSS treats this situation as EOF and we're not experiencing
problems from it, then I think we should change our gnutls ssl plugin
to always treat GNUTLS_E_PREMATURE_TERMINATION as EOF.  Our SSL
plugins should behave as similarly as possible.

I'd prefer to avoid adding
purple_ssl_set_compatibility_level/purple_ssl_get_compatibility_level
unless we're sure there is a use case for it.

> Should I change anything in the proposed patch [1]?
> [1] http://pastebin.com/qFYTSWS5

Hmm, what does gnutls_session_enable_compatibility_mode() actually do?
The man page is very vague.  Is that call needed in order to detect
GNUTLS_E_PREMATURE_TERMINATION?



