nss vs gnutls - how does Pidgin choose?
Michael McConville
mmcconville at mykolab.com
Mon Jul 20 15:40:27 EDT 2015
On Mon, Jul 20, 2015 at 02:51:56PM -0400, Kevin Kretz wrote:
> I've got Openfire XMPP servers running on two different networks.
> Today I noticed that linux users on one network were getting an SSL
> Handshake error when trying to connect Pidgin to the Openfire server.
>
> I also saw that mozilla-nss packages were updated over the weekend.
> Our linux systems have both mozilla-nss and gnutls libraries
> installed; moving purple's ssl-nss.so library seemed to make Pidgin
> instead use gnutls, and SSL connections worked.
Interesting, I usually hear this the other way around (i.e. there are
usually strange failures in GnuTLS).
> The weird part: the other network has identical versions of linux,
> openfire, pidgin (OpenSUSE's 2.10.10), and the same recently updated
> mozilla-nss. But when I tested pidgin on a few hosts on *that*
> network, it worked. When I moved the ssl-gnutls.so file on one of
> those hosts, I got the same SSL Handshake error that the users on the
> other network saw. If I moved both ssl-gnutls.so and ssl-nss.so,
> Pidgin reported that there was no SSL available (as expected). So on
> one network, Pidgin appears to prefer nss - and on the other, gnutls.
> How does Pidgin/purple choose which to use if both are available?
If I recall correctly:
* GnuTLS is the default on Linux (can be changed with configure
flags)
* NSS is the default on Windows
* both get compiled in if they're available
Looking at configure.ac should answer this more specifically, if you're
familiar with autoconf:
https://hg.pidgin.im/pidgin/main/file/136a5e95a1ad/configure.ac
I'm not sure what's causing the difference you're seeing.
More information about the Support
mailing list