[Pidgin] #3456: TLS handshake error(unexpected length packet) when recieving MSN contact list

Pidgin trac at pidgin.im
Wed Feb 4 09:01:14 EST 2009 

#3456: TLS handshake error(unexpected length packet) when recieving MSN contact
list
--------------------------------------+-------------------------------------
 Reporter:  bsdunx                    |        Owner:  khc    
     Type:  defect                    |       Status:  closed 
Milestone:                            |    Component:  MSN    
  Version:  2.2.1                     |   Resolution:  invalid
 Keywords:  gnutls tls handshake msn  |  
--------------------------------------+-------------------------------------

Comment(by gagern):

 The kind of workaround I just suggested would require quite a lot of
 modifications to the purple code. From what I can tell, the msn soap code
 is responsible for the connection to MSN_CONTACT_SERVER. These steps might
 get us there:
  1. msn_soap_connection_run in soap.c is where the connection is
 established initially. It should probably remain TLS 1.1 there.
  2. msn_soap_error_cb in soap.c would be the place to recognize the
 PURPLE_SSL_HANDSHAKE_FAILED error and try to fall back in response to
 this.
  3. struct _PurpleSslConnection in sslconn.h would have to have some field
 to store additional information. I'd probably introduce an int bitfield
 "flags" and define a flag "PURPLE_SSL_FLAG_NO_TLS10" or similar for this
 purpose. This flag could be set by the soap code for the second run.
  4. ssl_gnutls_connect in ssl-gnutls.c is where the session is set up. A
 call to [http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html
 #gnutls-protocol-set-priority gnutls_protocol_set_priority] there could be
 used to restrict protocols to GNUTLS_SSL3 and GNUTLS_TLS1_0 if the
 corresponding flag in gsc is set.

 On the whole this is more coding than I can afford the time to implement
 this myself just now. But perhaps my considerations might be useful,
 either as a basis for discussing alternatives in addressing this issue, or
 as a guideline for someone willing to implement it.

 BTW: Can we please have this bug report reopened?

-- 
Ticket URL: <http://developer.pidgin.im/ticket/3456#comment:11>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list