* query_cert_chain - callback for letting the user review the certificate before accepting it
*
* gsc: The secure connection used
* err: one of the following:
* errSSLUnknownRootCert—The peer has a valid certificate chain, but the root of the chain is not a known anchor certificate.
* errSSLNoRootCert—The peer's certificate chain was not verifiable to a root certificate.
* errSSLCertExpired—The peer's certificate chain has one or more expired certificates.
* errSSLXCertChainInvalid—The peer has an invalid certificate chain; for example, signature verification within the chain failed, or no certificates were found.
* hostname: The name of the host to be verified (for display purposes)
* certs: an array of values of type SecCertificateRef representing the peer certificate and the certificate chain used to validate it. The certificate at index 0 of the returned array is the peer certificate; the root certificate (or the closest certificate to it) is at the end of the returned array.
* accept_cert: the callback to be called when the user chooses to trust this certificate chain
* reject_cert: the callback to be called when the user does not trust this certificate chain
* userdata: opaque pointer which has to be passed to the callbacks
* Set a flag so we know to explicitly disable TLS 1.1 and 1.2 on our next (immediate) connection attempt for this account.
* Some XMPP servers use buggy TLS stacks that incorrectly report their capabilities, which breaks things with 10.8's new support
* for TLS 1.1 and 1.2.
*/
purple_debug_info("cdsa","SSLHandshake reported that the server rejected our MAC, which most likely means it lied about the TLS versions it supports.");
purple_debug_info("cdsa","Setting a flag in this account to only use TLS 1.0 and below on the next connection attempt.");
staticgbooleanget_cipher_details(PurpleSslConnection*gsc/* IN */,constchar**ssl_info/* OUT */,constchar**name/* OUT */,constchar**mac/* OUT */,constchar**key_exchange/* OUT */){