March 6th, 2006

belize

Net::SSLeay, djabberd, OO SSL....

Is it just me, or is Net::SSLeay a total piece of shit?

The code is terrible, usage feels dirty, docs are terrible/wrong/incomplete. This is really the best Perl option for low-level SSL? I came down this far because all the high-level Perl SSL stuff is worse. I thought, "Oh, maybe they just couldn't use the low-level stuff correctly...." Nope, I don't think I can blame them.

Hackathon idea: new (Object-oriented) SSL library for Perl, wrapping either Net::SSLeay (to start, perhaps) but eventually just some XS around the relatively clean (not perfectly clean) OpenSSL libraries. Even the OpenSSL docs are marked [INCOMPLETE] all over.

I'm here because while I thought we were done with SSL stuff for DJabberd, it turns out we're not. I can connect over SSL with Adium or Gaim, other servers (well, Wildfire, which is really nice) can't connect inbound to it over SSL. I get:

SSL_read 5428: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

After the socket becomes readable after the SSL_accept(). Doesn't seem to matter whether I force TLS, SSLv3, or let it auto-negotiate.