On Sunday 31 August 2003 10:31, Roman Hoog Antink wrote:
> Hi

Hi,
I didn't write anything of the code related to this, but perhaps it helps 
until someone else replies.

> I'm trying to implement a licq compatible SSL support into micq
> (www.micq.org). I tried to figure out licq's sources but I got stuck.
>
> So here are my questions:
>
> - how is the SSL capability announced exactly to other clients?
>
> I think, it's done with the build-date packet field in conjunction with
> CAP_LICQ.
> - does the CAP_LICQ announce SSL support only or are there other licq
> specific features connected with this CAP?

From user/licq's point of view, it knows that the remote client supports SSL 
using ICQUser::SecureChannelSupport(): that only uses the timestamp.

  SecureChannelSupport_et ICQUser::SecureChannelSupport()
  {
    if ((m_nClientTimestamp & 0xFFFF0000) == LICQ_WITHSSL)
      return SECURE_CHANNEL_SUPPORTED;
    else if ((m_nClientTimestamp & 0xFFFF0000) == LICQ_WITHOUTSSL)
      return SECURE_CHANNEL_NOTSUPPORTED;
    else
      return SECURE_CHANNEL_UNKNOWN;
  }

Even if SECURE_CHANNEL_NOTSUPPORTED or SECURE_CHANNEL_UNKNOWN is returned, 
the user can still force the connection, with success. As you may see, the 
code assumes that only licq has support for SSL. We should change this....

AFAIK, we don't use CAP_LICQ for anything. There is a patch that adds it to 
licq, but is not in the main tree.

> This would mean micq must not announce CAP_LICQ even if licq compatible SSL
> support is available. Otherwise micq - licq connections might get broken
> due to licq's expectations.
>

> - How does the SSL handshake init work exactly from licq's view?
>
> Is the raw SSL client handshake packet detected/parsed by the server or is
> there a special TLSSTART packet sent by licq?
>
> Well, I tried to answer these questions by examining source code and
> network packet dumps but concerning you might save a lot of time.

See CICQDaemon::icqOpenSecureChannel: CPT_OpenSecureChannel is sent. This 
sends a TCP sub command ICQ_CMDxSUB_SECURExOPEN (0x00EF).

>
> There seems to be no common standard about ICQ + SSL out there. So I had to
> decide to which existing SSL method micq should be compatible. I chose licq
> since it might be one of the most widely used linux icq clients. Nice GUI!

Sure, it is a good decision. (AFAIK, there are other clients with SSL support 
compatible with licq). Please tell us how to detect mICQ's SSL versions.

Regards,
        Juan.

-- 
Buenos Aires, Argentina                         12°C with winds at 14 km/h NNE
