
Version 5 (modified by John Bailey, 17 years ago)


Frequently Asked Questions About SSL

This information was compiled by Stu Tomlinson with much help from #pidgin.

Note that reconstruction of this page is still underway. More will come soon!

General Notes

Libpurple needs to be compiled with SSL support in order to work with MSN, Novell GroupWise, and some Jabber/XMPP servers which support or require it, such as Google Talk. You will need either GNUTLS and all its dependencies or Mozilla NSS and NSPR.

Mozilla 1.5 will not provide all the pieces for NSPR and NSS, due to breakage in Mozilla that prevents the installation of some header (.h) files. You might be able to install mozilla-{nss,nspr}{,-devel} from Mozilla 1.4, or install NSS from source, in parallel and link libpurple against those. Or just use GNUTLS.

OpenSSL is not an option for SSL support in libpurple because the OpenSSL license (a BSD-style license with an advertising clause) is not compatible with the libpurple license (GPL).

Distribution-specific Notes

Debian

Use the Debian packages. If you want to compile from source, run apt-get build-dep pidgin. This will grab all of Pidgin's dependencies. If you want to install specific SSL libraries for libpurple, try apt-get install libgnutls-dev or apt-get install libnss3-dev, which will install the corresponding binary packages automatically as dependencies.

Note that libgnutls and libgnutls-dev from Debian Woody are known NOT to work.

Fedora Core 1, 2, and 3

Please upgrade to a more recent distribution.

Fedora Core 4, 5, and 6

Use the Pidgin-provided yum repository.

FreeBSD 5.1

Compile from source. See the notes below. As we understand it, GNUTLS no longer works for FreeBSD users; Pidgin will work fine with the NSS from ports (nss-3.8):

~$ cd /usr/ports/net/pidgin ; make WITHOUT_GNUTLS=t WITH_NSS=t WITHOUT_AUDIO=t package clean

Gentoo

Gentoo's Pidgin ebuilds should "Just Work." Before you do anything, sync your Portage package database:

~$ emerge sync

The most recent Pidgin version is usually not in Gentoo stable right away. To ensure you are using the most recent release in Portage, you may add the following line to /etc/portage/package.keywords, using ~ppc, ~sparc, etc. instead of ~x86 if you are not using the x86 architecture:

net-im/pidgin ~x86

Portage will build and install the NSS and NSPR packages automatically if you do not have them. Alternatively, if you add the following line to /etc/portage/package.use, Portage will automatically use GNUTLS instead of Mozilla NSS, building and installing GNUTLS if necessary:

net-im/pidgin gnutls

After you are satisfied with your configuration, run the following command to install the latest version available in Portage, along with any needed dependencies:

emerge pidgin

Also, don't forget that emerge is not a transitive verb!

Linux From Scratch

If you're not able to figure this out on your own already, see the notes below on compiling from source.

Mac OS X

You will need to compile from source. Use GNUTLS. Information on GNUTLS with OS X can be found here.

OpenBSD 3.4

Compile from source. See the notes below for GNUTLS versions that have been reported to work.

Red Hat Linux 9 and earlier

Please join this century and upgrade to a newer distribution, such as the current release of Fedora Core.

Slackware 9.1, 10, and 10.1

There are sometimes third-party packages for these Slackware distributions here.

If you would like to build Pidgin from source, and have Mozilla installed, you can try the following. Note that if Mozilla 1.4 is not your installed version, you will need to replace that with the correct version number. Also, at some point, Mozilla 1.7.5 was removed from Slackware-Current and replaced with Mozilla Firefox. This will probably change the exact location for the paths listed.

~/pidgin$ ./configure --with-nss-includes=/usr/include/mozilla-1.4/nss \
> --with-nspr-includes=/usr/include/mozilla-1.4/nspr \
> --with-nss-libs=/usr/lib/mozilla-1.4 \
> --with-nspr-libs=/usr/lib/mozilla-1.4

Also, you'll need to add /usr/lib/mozilla-1.4 (again replacing versions as appropriate) to /etc/ld.so.conf and run ldconfig as root.

Firefox also includes the necessary libraries, so if you have a binary package of Pidgin that was built with SSL support you may be able to add /usr/lib/firefox to /etc/ld.so.conf and run ldconfig as root.

Solaris

Blastwave provides third-party packages for Solaris.

If you use Blastwave's packages and get the error "Fatal: no entropy gathering module detected," make sure that you have installed the Solaris /dev/random patch (Solaris 8 (sparc): 112438, (x86): 112439) and that /dev/random is world-readable.

If you decide to compile from source, make sure you use gmake and gcc instead of Sun's tools.

SuSE 8.2, 9.0, 9.1, 9.2, and 9.3

Third-party RPMs for these SuSE distributions are often available here. These RPMs use GNUTLS for SSL support, but GNUTLS is not provided in SuSE 8.2 or 9.0. Users of these distributions will need to also install GNUTLS, OpenCDK, and libtasn1 from the same site. SuSE 9.1 and later provide GNUTLS, and SuSE's provided GNUTLS should be used on these distributions.

If you wish to use Mozilla NSS with Pidgin, you will need to compile from source using these NSS packages from the same site as the Pidgin RPMs.

Ubuntu 4.10 (Warty) and 5.04 (Hoary)

You will probably need to compile from source. To do so, uninstall any previous versions of Pidgin using apt, synaptic, or similar. Then install libgnutls10-dev via synaptic or apt-get install libgnutls10-dev. Then run Pidgin's configure script with the --enable-gnutls=yes argument.

Windows

Use the Pidgin-provided binaries, or follow the Building Windows Pidgin instructions to the letter.

Compiling From Source

I strongly recommend you use pre-packaged binaries where possible; however, if you MUST use source, these tips might help you. Either GNUTLS or Mozilla NSS and NSPR will work. I've witnessed more success with NSS and NSPR.

Mozilla NSS and NSPR

Get the NSS and NSPR source package (despite its name, the package includes both NSS and NSPR).

Once NSS and NSPR are built and installed, run Pidgin's configure script similarly to this (replace $INCDIR with the directory the .h files are in and replace $LIBDIR with the directory the .so files are in):

~/pidgin$ ./configure --with-nspr-includes=$INCDIR --with-nspr-libs=$LIBDIR \
> --with-nss-includes=$INCDIR --with-nss-libs=$LIBDIR

If you can't add to /etc/ld.so.conf (or your *nix OS doesn't have one), set the environment variable LD_LIBRARY_PATH instead, either before running Pidgin or (for Bourne and bash shells) on the Pidgin command line, like so:

(csh)
~$ setenv LD_LIBRARY_PATH /usr/lib/mozilla-1.4

(sh/bash)
~$ LD_LIBRARY_PATH=/usr/lib/mozilla-1.4 ; export LD_LIBRARY_PATH

(sh/bash on Pidgin command line)
~$ LD_LIBRARY_PATH=/usr/lib/mozilla-1.4 pidgin

If you have multiple versions of Mozilla installed, you might have some problems with which version is detected by ./configure and which libs are used at runtime. This is because, by default, ./configure uses pkg-config to find the Mozilla NSS and NSPR libs and includes. If you explicitly specify the Mozilla libs and includes to use with the --with-{nss,nspr}-{includes,libs} options to ./configure then pkg-config will not be used, and you might have more success.
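To see which copies the runtime linker actually picks when several Mozilla versions are installed, the sketch below parses ldd output and flags NSS/NSPR libraries that are missing or that resolve outside the directory passed to ./configure. It is an added example, not part of the original page or of Pidgin's build scripts; the function name check_ssl_libs, the list of library names it matches and the sample ldd output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Pidgin's own tooling): audit where NSS/NSPR resolve from.
# Real use (binary path is an assumption):
#   ldd /usr/bin/pidgin | check_ssl_libs /usr/lib/mozilla-1.4

# Constructed sample of ldd output for a host with two Mozilla versions installed.
SAMPLE_LDD='	libpurple.so.0 => /usr/lib/libpurple.so.0 (0x00007f0000000000)
	libnss3.so => /usr/lib/mozilla-1.7.5/libnss3.so (0x00007f0000100000)
	libssl3.so => /usr/lib/mozilla-1.4/libssl3.so (0x00007f0000200000)
	libnspr4.so => not found
	libc.so.6 => /lib/libc.so.6 (0x00007f0000300000)'

# check_ssl_libs EXPECTED_DIR   (reads ldd output on stdin)
# Prints OK, MISMATCH or MISSING for each NSS/NSPR library it sees.
# Returns 0 only if every such library resolves inside EXPECTED_DIR.
check_ssl_libs() {
    expected=$1
    bad=0
    while read -r name arrow path rest; do
        case $name in
            libnss3.so*|libssl3.so*|libsmime3.so*) ;;   # NSS
            libnspr4.so*|libplc4.so*|libplds4.so*) ;;   # NSPR
            *) continue ;;                              # not an SSL library
        esac
        if [ "$path" = "not" ]; then
            # ldd prints "name => not found" when the linker cannot resolve it
            echo "MISSING  $name"
            bad=1
        elif [ "$(dirname "$path")" = "$expected" ]; then
            echo "OK       $name $path"
        else
            # Resolved, but from a different install than the one configured
            echo "MISMATCH $name $path (expected $expected)"
            bad=1
        fi
    done
    return $bad
}

# Demonstration on the constructed sample; "|| true" keeps the demo non-fatal.
printf '%s\n' "$SAMPLE_LDD" | check_ssl_libs /usr/lib/mozilla-1.4 || true
```

A MISMATCH line means the binary was configured against one Mozilla install but is loading SSL code from another, which is the situation that explicit --with-{nss,nspr}-{includes,libs} options and a matching ld.so.conf or LD_LIBRARY_PATH entry are meant to avoid.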

The notes below on installing NSS and NSPR as non-root will probably be helpful, even if not exactly what you want.

GNUTLS

IRC user sofar provided this information. You need to compile things in a specific order here: start with libgpg-error, then move on to libgcrypt (which needs libgpg-error), then libtasn1. Once these three are installed, install GNUTLS.

Libopencdk has proven to be a PITA in some respects; don't use it, as it will break GNUTLS. Version 0.9.92 of GNUTLS doesn't compile because the maintainer forgot to include a needed file. Other versions such as 0.9.91 should work fine.

You shouldn't need the --with-gnutls-{includes,libs} arguments to ./configure, as the libs get installed to good locations by default. If you have put GNUTLS in an unusual location, you're on your own there. ;)

For FreeBSD and OpenBSD users, GNUTLS 0.8.10 works, but 0.8.6 doesn't (thanks, synic).

The notes below on installing GNUTLS as non-root may also be helpful, even if not exactly what you want.

Random Questions

(Reconstruction of this page is currently in progress. More to come soon!)
