I discovered that if you try to connect to login.live.com with GNU TLS (I used gnutls-cli) and send any data to it, after a successful connection, when it gets to the end of receiving a response to that data, it throws a GNUTLS_E_UNEXPECTED_PACKET_LENGTH error. I tried the same test on another SSL server (addons.mozilla.org) and it worked fine, so I imagine it's something that login.live.com is doing specifically. I tested it with the version of GNU TLS that comes with Ubuntu 7.10, 8.04 beta, and the 2.3.4 source package from the GNU TLS site, and all of them had the same results.
I went digging through the code and found that the problem seems to be in gnutls_record.c in the function _gnutls_recv_int on line 899 (at least that's the line in version 2.3.4). The line reads:
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
I believe this should be changed to:
if (gnutls_error_is_fatal (ret) == 0)
because the a return value of zero is not fatal, but as the code currently reads it doesn't return (as I think it should).
I tried it and the change seemed to remedy my problem. I'm happy to formalize a patch for it. Although I'm not not sure which format it should be in, where to send it to, or if this post is sufficient.