Intrepid: Pidgin can't connect to MSN - lack of TLS

Bug #263293 reported by StoatWblr on 2008-08-31
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pidgin (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: pidgin

Pidgin 1:2.5.0-0ubuntu2 cannot connect to MSN. Previous versions have had the same problem for about a month. Other packages have the same issue.

Connections can be made using HTTP method, but this is _unreliable_ due to bad responses from the HTTP servers.

Reason: MSN now _requires_ TLS.

Pidgin has been compiled without TLS:

  Arguments to ./configure: '--build=i486-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/pidgin' '--disable-maintainer-mode' '--disable-dependency-tracking' '--enable-gevolution' '--enable-cap' '--with-system-ssl-certs=/etc/ssl/certs' '--enable-perl' '--with-zephyr=/usr' '--enable-dbus' '--enable-gnutls=no' '--enable-nss=yes' '--enable-cyrus-sasl' 'build_alias=i486-linux-gnu' 'CC=cc' 'CFLAGS=-fstack-protector' 'LDFLAGS=-Wl,--as-needed' 'CPPFLAGS=' 'CXX=g++' 'CXXFLAGS=-g -O2 -g -Wall -O2' 'FFLAGS=-g -O2'

The fix is to recompile with --enable-gnutls=yes and reissue the package.

Can this be done asap?

Changed in pidgin:
assignee: nobody → stefanlsd
status: New → In Progress
Stefan Lesicnik (stefanlsd) wrote :

Hi,

I am trying to confirm this bug. Pidgin 2.5.0 connects to MSN without any problem.

I know that I do get a gmail certificate i must accept manually each time - although this is now fixed in 2.5.1. If you would like to try 2.5.1 to see if it fixes your problem, you can get it from my PPA.

deb http://ppa.launchpad.net/stefanlsd/ubuntu intrepid main

Stefan

Changed in pidgin:
status: In Progress → Incomplete

Stefan Lesicnik wrote:
> Hi,
>
> I am trying to confirm this bug. Pidgin 2.5.0 connects to MSN without
> any problem.
>
Stefan, please check your MSN profile's advanced setings and see if
you're using "http method"

The http method works for connections, but tends to be unreliable during
messaging sessions.

Thanks
Alan

Stefan Lesicnik (stefanlsd) wrote :

Hi Alan,

Thanks for the reply. My advanced connections was turned off, and I turned it on and reconnected and was able to have MSN conversations without an issue. (I am also running 2.5.1 though). I am not sure what you mean by it tends to be unreliable?

Perhaps you would like to try 2.5.1 from my PPA and see if the error still persists?

Stefan

StoatWblr (stoatwblr) wrote :

Stefan Lesicnik wrote:
> Hi Alan,
>
> Thanks for the reply. My advanced connections was turned off, and I
> turned it on and reconnected and was able to have MSN conversations
> without an issue. (I am also running 2.5.1 though). I am not sure what
> you mean by it tends to be unreliable?
>

If you're behind an ISP who proxy everything then using the http mode
results in periods fo 5-10 minutes at a time where attempting to send
anything results in a connection error.

> Perhaps you would like to try 2.5.1 from my PPA and see if the error
> still persists?
>
I'll give it a try. Have you compiled with TLS enabled?

StoatWblr (stoatwblr) wrote :

Stefan Lesicnik wrote:
> Perhaps you would like to try 2.5.1 from my PPA and see if the error
> still persists?
>

The error persists using your PPA version too.

I can connect using http, but not with a direct connection.

Is there any chance you can compile a test TLS version? Other reports
have indicated that compiling from source with enable-tls=yes solves the
problem. I haven't had a chance to grab sources and try yet.

Regards
Alan

Stefan Lesicnik (stefanlsd) wrote :

Hi,

Thanks for trying the current PPA version. I am busy uploading 2.5.1-0ubuntu2 that is built with gnutls support. Can you try it and see if it fixes your problem?

Thanks

Stefan Lesicnik (stefanlsd) wrote :

I have been reading some information about gnutls and the upstream developers discourage the use of gnutls in favour of nss. I would be interested if the PPA update fixes your issue, but I believe we may have to debug why you are having a issue when it is using nss.

Let me know if gnutls helps, if it does, lets try fix nss.

Stefan Lesicnik (stefanlsd) wrote :

Hi Alan,

Could you please use the current 2.5.1-ubuntu1 and paste the output from your debug window during a connect. (help, debug window)

Changed in pidgin:
status: Incomplete → In Progress
StoatWblr (stoatwblr) wrote :

Stefan Lesicnik wrote:
> Hi Alan,
>
> Could you please use the current 2.5.1-ubuntu1 and paste the output from
> your debug window during a connect. (help, debug window)
>
> ** Changed in: pidgin (Ubuntu)
> Status: Incomplete => In Progress
>
>

This is odd - I'm getting connection refused on messenger.hotmail.com:1863

(10:31:16) *account:* Connecting to account x@y
(10:31:16) *connection:* Connecting. gc = 0xaa38be0
(10:31:16) *msn:* new httpconn (0xabb88e0)
(10:31:16) *dns:* DNS query for 'messenger.hotmail.com' queued
(10:31:16) *dns:* Created new DNS child 28056, there are now 1 children.
(10:31:16) *dns:* Successfully sent DNS request to child 28056
(10:31:16) *dns:* Got response for 'messenger.hotmail.com'
(10:31:16) *dnsquery:* IP resolved for messenger.hotmail.com
(10:31:16) *proxy:* Attempting connection to 65.54.239.20
(10:31:16) *proxy:* Connecting to messenger.hotmail.com:1863 with no proxy
(10:31:16) *proxy:* Connection in progress
(10:31:16) *proxy:* Connected to messenger.hotmail.com:1863.
(10:31:16) *proxy:* Error connecting to messenger.hotmail.com:1863
(Connection refused).
(10:31:16) *proxy:* Connection attempt failed: Connection refused
(10:31:16) *msn:* Connection error: Connection refused
(10:31:16) *msn:* Connection error from Notification server
(messenger.hotmail.com): Unable to connect
(10:31:16) *account:* Disconnecting account 0x9f381a0
(10:31:16) *connection:* Disconnecting connection 0xaa38be0
(10:31:16) *msn:* destroy the OIM 0xb236688
(10:31:16) *msn:* destroy httpconn (0xabb88e0)
(10:31:16) *connection:* Destroying connection 0xaa38be0
(10:31:21) *util:* Writing file accounts.xml to directory /home/alan/.purple
(10:31:21) *util:* Writing file /home/alan/.purple/accounts.xml
**

Stefan Lesicnik (stefanlsd) wrote :

Are you using the MSN - Advanced - Use Http method here?

Can you confirm the address you have in the block for http method. I have

gateway.messenger.hotmail.com

It looks like yours is not using http method.

From my debug without http method

11:55:39) connection: Connecting. gc = 0xa75c800
(11:55:39) msn: new httpconn (0xa7e8068)
(11:55:39) dns: DNS query for 'messenger.hotmail.com' queued
(11:55:39) dns: Created new DNS child 9035, there are now 1 children.
(11:55:39) dns: Successfully sent DNS request to child 9035
(11:55:39) dns: Got response for 'messenger.hotmail.com'
(11:55:39) dnsquery: IP resolved for messenger.hotmail.com
(11:55:39) proxy: Attempting connection to 65.54.239.210
(11:55:39) proxy: Connecting to messenger.hotmail.com:1863 with no proxy
(11:55:39) proxy: Connection in progress
(11:55:39) util: Writing file accounts.xml to directory /home/stefan/.purple
(11:55:39) util: Writing file /home/stefan/.purple/accounts.xml
(11:55:39) util: Writing file blist.xml to directory /home/stefan/.purple
(11:55:39) util: Writing file /home/stefan/.purple/blist.xml
(11:55:39) proxy: Connected to messenger.hotmail.com:1863.

I can also see that my messenger.hotmail.com resolves to 65.54.239.210 while yours is resolving to 65.54.239.20

This could be a regional thing as both of those addresses are listening on port 1863 (test by telnet 65.54.239.20 1863)
With this being said - does your network block outgoing to 65.54.239.20 on port 1863?

If so, try and use the http method and lets look at the debug log.

StoatWblr (stoatwblr) wrote :

Stefan Lesicnik wrote:
> Are you using the MSN - Advanced - Use Http method here?
>
> Can you confirm the address you have in the block for http method. I
> have
>
> gateway.messenger.hotmail.com
>

That's what I have too.

> It looks like yours is not using http method.
>
> >From my debug without http method
>

Mine connects using HTTP, but then has random network error messages.
This appears to be MSN connection errors exacerbated by a (not very)
transparent proxy.

> This could be a regional thing as both of those addresses are listening on port 1863 (test by telnet 65.54.239.20 1863)
> With this being said - does your network block outgoing to 65.54.239.20 on port 1863?

It appears that way. I've verified from several other points and ISPs
around the UK, with things being fine - except from AOL UK/Talk Talk.

I'm trying to get to the bottom of why the ISP is intercepting and
diverting the MSN port to a bogus connection refused, so far there's a
blanket denial they are filtering/blocking anything and a claim "We don't support peer-to-peer networks and request our customers not use them". There's something very odd going on there and I don't like the feel of it.

> If so, try and use the http method and lets look at the debug log.
>

I'm trying to get a time when it's consistently getting problems long
enough for me to shut down all other connections and log the errors.

AB

Stefan Lesicnik (stefanlsd) wrote :

Hi,

Thanks for the update on this bug. I agree with you that it is a problem at your ISP. (Good luck with that fight - maybe just move ISP's)

If you have no objections, I would like to mark this bug as invalid as I don't believe it is a problem with Pidgin, or TLS.

Thanks!

Stefan Lesicnik (stefanlsd) wrote :

Marking as invalid is it not a bug, but rather a problem with upstream ISP.

Changed in pidgin:
assignee: stefanlsd → nobody
status: In Progress → Invalid
Stefan Gruber (gierschner) wrote :

Hi Guys. Got the same Problem since months. The following platforms/combinations got the Problem: Kubuntu 10.04. Using Pidgin 2.7.9. AND Kubuntu 11.04. Using Pidgin Pidgin 2.7.11 (libpurple 2.7.11). Even formating the harddisk and a complete reinstall of Kubuntu didn't change anything. Please Help. Error message: Verbindungsfehler vom Notification-Server:
Die Wartezeit für die Verbindung ist abgelaufen. The event log doesn't show a thing... :-(

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers