[Pidgin] #10314: Unable to connect to AIM

Pidgin trac at pidgin.im
Thu Jan 14 20:00:07 EST 2010 

#10314: Unable to connect to AIM
---------------------------+------------------------------------------------
 Reporter:  jxFive         |        Owner:  MarkDoliner
     Type:  defect         |       Status:  closed     
Milestone:                 |    Component:  AIM        
  Version:  2.6.2          |   Resolution:             
 Keywords:  disconnection  |  
---------------------------+------------------------------------------------

Comment(by TurboBorland):

 I just got this error message today.  My computer died (battery) and when
 I restarted and started Pidgin, everything worked great except for AIM.  I
 got the message:
 Received unexpected response from
 http://api.oscar.aol.com/aim/startOSCARSession

 So, I opened Pidgin's debug window and went to see what was wrong.  After
 searching through a little (other messengers were still open at the time),
 I came across:

 ...
 (18:07:56) util: parsed 286
 (18:07:56) oscar: startOSCARSession response statusCode was 400: <?xml
 version="1.0" encoding="UTF-8"?>
 <response
 xmlns="http://developer.aim.com/xsd/aim.xsd"><statusCode>400</statusCode><statusText>useTLS=1
 is not allowed for non secure
 requests.</statusText><data><ts>1263514339</ts><upgradeData></upgradeData><betaData></betaData></data></response>
 (18:07:56) connection: Connection error on 0x8c1aef0 (reason: 16
 description: Received unexpected response from
 http://api.oscar.aol.com/aim/startOSCARSession)
 (18:07:56) account: Disconnecting account xxxxxxxxxxxxxx (0x8193018)
 (18:07:56) connection: Disconnecting connection 0x8c1aef0
 (18:07:56) oscar: Signed off.
 (18:07:56) connection: Destroying connection 0x8c1aef0
 (18:07:57) msn: S: NS 000: UBX...


 So, from here I saw that it was some kind of option in the client to
 "useTLS=1" for the entire scope of logging into AIM.  As you see, the
 service that is sending the errors and disconnecting me is coming from an
 http site.  However, attempting
 https://api.oscar.aol.com/aim/startOSCARSession does not redirect nor deny
 (just won't do anything because it's not used for this direct purpose) and
 sets up a valid tls session.

 From here, I simply went into my account settings on Pidgin and disabled
 the "use SSL" option.  Now, I was worried that maybe doing this would
 leave some things open or in plaintext that I would not want there.
 Unfortunately, it still requests connections out to
 http://api.oscar.aol.com/aim/startOSCARSession, but it would at least
 connect (did not throw the unrecognizable error message in the xml) and
 everything else also used "SSL" (which was TLS v1.1 for those thinking I
 mean pre-SSL 3.1).

 I have both the debug window log and a wireshark packet capture (from
 which I verified the packets for my beliefs on what's happening).

-- 
Ticket URL: <http://developer.pidgin.im/ticket/10314#comment:5>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list