nss vs gnutls - how does Pidgin choose?

Kevin Kretz kevin at rentec.com
Mon Jul 20 14:51:56 EDT 2015


I've got Openfire XMPP servers running on two different networks.  Today I noticed that linux users on one network were getting an SSL Handshake error when trying to connect Pidgin to the Openfire server.

I also saw that mozilla-nss packages were updated over the weekend.  Our linux systems have both mozilla-nss and gnutls libraries installed; moving purple's ssl-nss.so library seemed to make Pidgin instead use gnutls, and SSL connections worked.

The weird part: the other network has identical versions of linux, openfire, pidgin (OpenSUSE's 2.10.10), and the same recently updated mozilla-nss.   But when I tested pidgin on a few hosts on *that* network, it worked.  When I moved the ssl-gnutls.so file on one of those hosts, I got the same SSL Handshake error that the users on the other network saw.  If I moved both ssl-gnutls.so and ssl-nss.so, Pidgin reported that there was no SSL available (as expected).  So on one network, Pidgin appears to prefer nss - and on the other, gnutls.

How does Pidgin/purple choose which to use if both are available?



More information about the Support mailing list