[Pidgin] #11177: Unable to log in to AOL when SSL enabled with clientLogin

Pidgin trac at pidgin.im
Thu Jan 14 13:51:52 EST 2010 

#11177: Unable to log in to AOL when SSL enabled with clientLogin
-----------------------------+----------------------------------------------
 Reporter:  rouilj           |     Owner:  MarkDoliner
     Type:  defect           |    Status:  new        
Component:  AIM              |   Version:  2.6.5      
 Keywords:  SSL clientLogin  |  
-----------------------------+----------------------------------------------
 Hi:

 I am having an issue using SSL to log into AOL with clientLogin
 enabled. Pidgin release is 2.6.5, but I also had this issue with
 2.6.4.

 With the config:

   Advanced account settings:
     host: login.oscar.aol.com (also failed with slogin.oscar.aol.com)
     port: 5190 (also failed with 443)

     checked: use SSL
     checked: use clientLogin
     unchecked: Always use AIM/ICQ proxy server....
     checked: Allow multiple simultaneous logins

 I get the following message:

   Received unexpected response from
     http://api.oscar.aol.com/aim/startOSCARSession

 The debug log shows in part (anonymized and wrapped):

   (13:37:08) account: Connecting to account [some account].
   (13:37:08) dnsquery: Performing DNS lookup for api.screenname.aol.com
   [...]
   (13:37:08) proxy: Attempting connection to 64.12.128.238
   [...]
   (13:37:08) proxy: Connected to api.screenname.aol.com:443.
   [...]
   (13:37:09) oscar: startOSCARSession response statusCode was 400:
   <?xml version="1.0" encoding="UTF-8"?>
   <response
   xmlns="http://developer.aim.com/xsd/aim.xsd">
   <statusCode>400</statusCode>
   <statusText>useTLS=1 is not allowed for non secure
       requests.</statusText>
   <data><ts>1263494229</ts><upgradeData></upgradeData>
   <betaData></betaData></data></response>
   [...]
   (13:37:09) connection: Connection error on 03225FC8 (reason: 16
   description: Received unexpected response from
   http://api.oscar.aol.com/aim/startOSCARSession)

 If I uncheck use SSL I get connected fine. If I uncheck use
 clientLogin, it also works fine. I see there was a bug fix in 2.6.4
 for SSL and clientLogin, but I first saw this issue a couple of days
 ago in the 2.6.4 release. So maybe something changed on the AOL
 side?

 I am currently running with ssl enabled and clientLogin disabled
 assuming this is the most secure settings I can get at the moment.

 -- rouilj

-- 
Ticket URL: <http://developer.pidgin.im/ticket/11177>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list