[Pidgin] #3456: TLS handshake error (unexpected length packet) when receiving MSN contact list

Pidgin trac at pidgin.im
Wed Feb 4 12:29:47 EST 2009


#3456: TLS handshake error (unexpected length packet) when receiving MSN contact list
--------------------------------------+-------------------------------------
 Reporter:  bsdunx                    |           Owner:  khc
     Type:  defect                    |          Status:  new
Milestone:                            |       Component:  MSN
  Version:  2.2.1                     |      Resolution:     
 Keywords:  gnutls tls handshake msn  |   Launchpad_bug:     
--------------------------------------+-------------------------------------

Comment(by gagern):

 Replying to [comment:14 freezy]:
 > rather than catching the failure and retrying, could we do what
 > gnutls-cli-debug does and check what protocols a server supports before
 > connecting?

 The way gnutls-cli-debug works is this:
  1. Try to connect with TLS 1.1 ''only''. If it works, skip all fallback
     tests.
  2. Try to connect with TLS 1.1, see if it succeeds, report version chosen
     by server
 In both cases, the connection is closed again after the test.

 The bottom line is this: you can't check what version the server supports
 without trying to. And if you try and succeed, you have a connection and
 it would be wasteful to close it just so you can reconnect again with that
 same version.

 There also wouldn't be much to be gained in terms of code simplicity, I
 guess. What makes gnutls-cli-debug as simple as it is is the fact that it
 can afford to block on I/O, so it can use loops and keep information in
 local variables. Pidgin, on the other hand, has to stay responsive while
 establishing a connection in the background. Therefore everything has to
 be done through callbacks triggered when data becomes available on the
 underlying TCP socket. This restriction would hold for a check for
 supported version as well, so you can't simply have a function
 "supports_TLS11" or similar returning bool, as such a function must not
 block.

 BTW: The flag in comment:11 should be PURPLE_SSL_FLAG_NO_TLS11 of course,
 not 10.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/3456#comment:15>
Pidgin <http://pidgin.im>
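
The following C example is added here and is not from the ticket, Pidgin or GnuTLS. It models the callback-driven version fallback described in the comment above, with a constructed fake_server in place of a real TLS peer; every type and function name in it is hypothetical.

```c
#include <stdbool.h>

/* All names are hypothetical; none of this is libpurple or GnuTLS API. */
typedef enum { VER_TLS11, VER_TLS10, VER_COUNT } tls_ver;   /* fallback order */
typedef enum { HS_AGAIN, HS_DONE, HS_FAILED } hs_status;

/* Constructed stand-in for a peer: each handshake needs `rounds` readable
 * events, then succeeds only if the attempted version is accepted. */
typedef struct { bool accepts[VER_COUNT]; int rounds; } fake_server;

/* What a blocking tool keeps in local variables has to survive between
 * callbacks, so it lives in a context struct. */
typedef struct {
    const fake_server *srv;
    tls_ver attempt;      /* version currently being tried */
    int rounds_seen;      /* progress of the current handshake */
    int connects;         /* TCP connections opened so far */
    bool finished, ok;    /* result, stored here instead of being returned */
} probe;

void probe_start(probe *p, const fake_server *srv) {
    p->srv = srv; p->attempt = VER_TLS11; p->rounds_seen = 0;
    p->connects = 1; p->finished = p->ok = false;
}

/* One non-blocking step: HS_AGAIN means "would block, call me again". */
static hs_status handshake_step(probe *p) {
    if (++p->rounds_seen < p->srv->rounds) return HS_AGAIN;
    return p->srv->accepts[p->attempt] ? HS_DONE : HS_FAILED;
}

/* Event-loop callback for "socket readable"; it never waits. */
void probe_on_readable(probe *p) {
    if (p->finished) return;
    switch (handshake_step(p)) {
    case HS_AGAIN: return;
    case HS_DONE:                       /* keep using this connection */
        p->finished = p->ok = true; return;
    case HS_FAILED:
        if (p->attempt + 1 < VER_COUNT) {       /* reconnect, next version */
            p->attempt = (tls_ver)(p->attempt + 1);
            p->rounds_seen = 0; p->connects++;
        } else p->finished = true;              /* nothing left to try */
    }
}

/* Stand-in for the main loop: fires readable events, returns how many. */
int run_events(probe *p) {
    int n = 0;
    while (!p->finished) { probe_on_readable(p); n++; }
    return n;
}
```

When the first attempt succeeds, `connects` stays at 1: the connection that answered the version question is the one that gets used, so nothing is closed and reopened.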