Feature Requests item #942695, was opened at 2004-04-26 19:18
Message generated for change (Comment added) made by lschiere
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: msn
Group: None
>Status: Closed
Resolution: Works For Me
Priority: 3
Private: No
Submitted By: Szymanski Cyrille (gruime)
Assigned to: Stu Tomlinson (nosnilmot)
Summary: MSN behave like Microsoft Messenger (proxywise) ?

Initial Comment:

MSN Messenger has this odd behaviour :
 * it gets proxy info from IE (fine with me)
 * when attempting to conect via HTTP or SSL it uses
the corresponding proxy entry, if any
 * when attempting to connect using port 1863, it uses
the SOCKS entry, if any.

So if no SOCKS proxy is configured but a SSL one is, it
connects directly to the remote host on port 1863 but
uses the proxy for SSL authentification.

I happen to be on a network where SSL must be proxied
and that allows direct connections to port 1863. The
result is that Gaim never works :
 * it doesn't work if set not to use a proxy because
the SSL connection fails
 * it doesn't work if set to use a HTTP proxy because
the CONNECT tunnel to port 1863 fails

I wanted to add an option (GaimOption) to the
configuration (labelled "MSN Messenger Compatibility
Mode"). I couldn't do this since I need the global
proxy.c module to be aware about such special cases.
Does someone see a nice method to implement this ?

For the time being I am pretty happy with my own
customized version, but I think making this option
public is a good idea.

FYI my patch to proxy.c follows :
in connection_host_resolved() :
/* CNS: treat connections to MSN as direct connections */

in gaim_proxy_connect () :
        /*  CNS: treat connections to MSN as direct
connections */



Comment By: Luke Schierer (lschiere)
Date: 2007-04-20 10:55

Logged In: YES 
Originator: NO

As we are closing this tracker, please submit any feature request that is
still valid to http://developer.pidgin.im.  Thanks. 


Comment By: Felipe Contreras (revo)
Date: 2005-01-30 16:08

Logged In: YES 

So you only need the SSL to be through the proxy?

And excuse my lack of knowledge, how is a proxy set as SSL?


Comment By: Rick Hickerson (rhickers)
Date: 2004-06-23 07:55

Logged In: YES 

I think I have a similar situation.  The company currently
allows direct connect through the firewall for port 1863,
but not port 443.  Currently, both ports also work through
the company proxy server.  However, to reduce the load on
the proxy server, it will be reconfigured soon to disallow
port 1863.

Our proxymaster suggested that I run a local squid on my
linux box to proxy port 1863 directly, and port 443 to the
company proxy server.  I got this working yesterday by
modifying the squid.conf file installed by rpm:

Moved the line containing "http_access allow localhost" up
two lines and added  four lines to the end.  Here are the
non-comment/non-blank lines of my /etc/squid.conf:

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
prefer_direct on
cache_peer <company_proxy_FQDN> parent <proxy_port>
<proxy_port> no-query default
never_direct allow SSL_ports
visible_hostname <my_FQDN>

Then I set proxy for the MSN account to http at,
port 3128.



Comment By: Ferry (freaky2000)
Date: 2004-05-14 03:11

Logged In: YES 

Hey there,

you're patch assumes a gateway I guess. Here we have another
problem, which atleast doesn't bother the 4.7 versions of
the real MSN. Our ISA server doesn't allow the CONNECT
method for SSL connections other than to port 443. The real
messenger doesn't appear to have a problem with this,
probably due to it using GET and/or POST requests instead of
the CONNECT method. If you would like to look into this
please consider looking at RFE 715592. Unfortunately I don't
program enough (yet) to fix this myself.


Comment By: Szymanski Cyrille (gruime)
Date: 2004-04-27 15:29

Logged In: YES 

Ok, here is a patch (no diffs for the moment sorry) that
will add a "MSN Messenger compatibility mode" that will
disable the proxy for connections to the MSN port (but keep
it enabled for everythin else).

This way it functions just like Messenger (well that's not
quite true actually, Messenger would use the SOCKS proxy if


You can respond by visiting: 

This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
Gaim-features mailing list

Reply via email to