| Version 7 (modified by , 17 years ago) (diff) |
|---|
Frequently Asked Questions About SSL
This information was compiled by Stu Tomlinson with much help from #pidgin.
Note that reconstruction of this page is still underway. More will come soon!
General Notes
Libpurple needs to be compiled with SSL support in order to work with MSN, Novell GroupWise, and some Jabber/XMPP servers which support or require it, such as Google Talk. You will need either GNUTLS and all its dependencies or Mozilla NSS and NSPR.
Mozilla 1.5 will not provide all the pieces for NSPR and NSS due to breakage in Mozilla that prevents the installation of some header (.h) files. You might be able to install mozilla-{nss,nspr}{,-devel} from mozilla 1.4, or install NSS from source, in parallel and link against those for libpurple. Or just use GNUTLS.
OpenSSL is not an option for SSL support in libpurple because the OpenSSL license (a BSD-style license with an advertising clause) is not compatible with the libpurple license (GPL).
Distribution-specific Notes
Debian
Use the Debian packages. If you want to compile from source, run apt-get build-dep pidgin. This will grab all Pidgin's dependencies. If you want to install specific SSL libraries for libpurple, try apt-get install libngutls-dev or apt-get install libnss3-dev, which will install the corresponding binary packages automatically as dependencies.
Note that libgnutls and libgnutls-dev from Debian Woody are known NOT to work.
Fedora Core 1, 2, and 3
Please upgrade to a more recent distribution.
Fedora Core 4, 5, and 6
Use the Pidgin-provided yum repository.
FreeBSD 5.1
Compile from source. See the notes below. As we understand it, GNUTLS no longer works for FreeBSD users; Pidgin will work fine with the NSS from ports (nss-3.8):
~$ cd /usr/ports/net/pidgin ; make WITHOUT_GNUTLS=t WITH_NSS=t WITHOUT_AUDIO=t package clean
Gentoo
Gentoo's Pidgin ebuilds should "Just Work." Before you do anything, sync your Portage package database:
~$ emerge sync
The most recent Pidgin version is usually not in Gentoo stable right away. To ensure you are using the most recent release in Portage, you may add the following line to /etc/portage/package.keywords, using ~ppc, ~sparc, etc instead of ~x86 if you are not using the x86 architecture:
net-im/pidgin ~x86
Portage will build and install the NSS and NSPR packages automatically if you do not have them. Alternatively, if you add the following line to /etc/portage/package.use, Portage will automatically use GNUTLS instead of Mozilla NSS, building and installing GNUTLS if necessary:
net-im/pidgin gnutls
After you are satisfied with your configuration, run the following command to install the latest version available in Portage, along with any needed dependencies:
emerge pidgin
Also, don't forget that emerge is not a transitive verb!
Linux From Scratch
If you're not able to figure this out on your own already, see the notes below on compiling from source.
Mac OS X
You will need to compile from source. Use GNUTLS. Information on GNUTLS with OS X can be found here.
OpenBSD 3.4
Compile from source. See the notes below for GNUTLS versions that have been reported to work.
Red Hat Linux 9 and earlier
Please join this century and upgrade to a newer distribution, such as the current release of Fedora Core.
Slackware 9.1, 10, and 10.1
There are sometimes third-party packages for these Slackware distributions here.
If you would like to build Pidgin from source, and have Mozilla installed, you can try the following. Note that if Mozilla 1.4 is not your installed version, you will need to replace that with the correct version number. Also, at some point, Mozilla 1.7.5 was removed from Slackware-Current and replaced with Mozilla Firefox. This will probably change the exact location for the paths listed.
~/pidgin$ ./configure --with-nss-includes=/usr/include/mozilla-1.4/nss \ > --with-nspr-includes=/usr/include/mozilla-1.4/nspr \ > --with-nss-libs=/usr/lib/mozilla-1.4 \ > --with-nspr-libs=/usr/lib/mozilla-1.4
Also, you'll need to add /usr/lib/mozilla-1.4 (again replacing versions as appropriate) to /etc/ld.so.conf and run ldconfig as root.
Firefox also includes the necessary libraries, so if you have a binary package of Pidgin that was built with SSL support you may be able to add /usr/lib/firefox to /etc/ld.so.conf and run ldconfig as root.
Solaris
Blastwave provides third-party packages for Solaris.
If you use Blastwave's packages and get the error "Fatal: no entropy gathering module detected," make sure that you have installed the Solaris /dev/random patch (Solaris 8 (sparc): 112438, (x86): 112439) and that /dev/random is world-readable.
If you decide to compile from source, make sure you use gmake and gcc instead of Sun's tools.
SuSE 8.2, 9.0, 9.1, 9.2, and 9.3
Third-party RPMs for these SuSE distributions are often available here. These RPMs use GNUTLS for SSL support, but GNUTLS is not provided in SuSE 8.2 or 9.0. Users of these distributions will need to also install GNUTLS, OpenCDK, and libtasn1 from the same site. SuSE 9.1 and later provide GNUTLS, and SuSE's provided GNUTLS should be used on these distributions.
If you wish to use Mozilla NSS with Pidgin, you will need to compile from source using these NSS packages from the same site as the Pidgin RPMs.
Ubuntu 4.10 (Warty) and 5.04 (Hoary)
You will probably need to compile from source. To do so, uninstall any previous versions of Pidgin using apt, synaptic, or similar. Then install libgnutls10-dev via synaptic or apt-get install libgnutls10-dev. Then run Pidgin's configure script with the --enable-gnutls=yes argument.
Windows
Use the Pidgin provided binaries, or follow the Building Windows Pidgin instructions to the letter.
Compiling From Source
I strongly recommend you use pre-packaged binaries where possible, however if you MUST use source, these tips might help you. Either GNUTLS or Mozilla NSS and NSPR will work. I've witnessed more success with NSS and NSPR.
Mozilla NSS and NSPR
Get the NSS and NSPR source package (despite its name, the package includes both NSS and NSPR).
Once NSS and NSPR are built and installed, run Pidgin's configure script similarly to this (replace $INCDIR with the directory the .h files are in and replace $LIBDIR with the directory the .so files are in):
~/pidgin$ ./configure --with-nspr-includes=$INCDIR --with-nspr-libs=$LIBDIR \ > --with-nss-includes=$INCDIR --with-nss-libs=$LIBDIR
If you can't add to /etc/ld.so.conf (or your *nix OS doesn't have one), set the environment variable LD_LIBRARY_PATH instead, either before running Pidgin or (for Bourne and bash shells) on the Pidgin command line, like so:
(csh) ~$ setenv LD_LIBRARY_PATH /usr/lib/mozilla-1.4 (sh/bash) ~$ LD_LIBRARY_PATH=/usr/lib/mozilla-1.4 ; export LD_LIBRARY_PATH (sh/bash on Pidgin command line) ~$ LD_LIBRARY_PATH=/usr/lib/mozilla-1.4 pidgin
If you have multiple versions of Mozilla installed, you might have some problems with which version is detected by ./configure and which libs are used at runtime. This is because, by default, ./configure uses pkg-config to find the Mozilla NSS and NSPR libs and includes. If you explicitly specify the Mozilla libs and includes to use with the --with-{nss,nspr}-{includes,libs} options to ./configure then pkg-config will not be used, and you might have more success.
The notes below on installing NSS and NSPR as non-root will probably be helpful, even if not exactly what you want.
GNUTLS
IRC user sofar provided this information. You need to compile things in a specific order here--start with libgpg-error, then move onto libgcrypt (which needs libgpg-error), then libtasn1. Once these three are installed, install GNUTLS.
Libopencdk has proven to be a PITA in some respects; don't use it, as it will break GNUTLS. Version 0.9.92 of GNUTLS doesn't compile because the maintainer forgot to include a needed file. Other versions such as 0.9.91 should work fine.
You shouldn't need the --with-gnutls-{includes,libs} arguments to ./configure, as the libs get installed to good locations by default. If you have put GNUTLS in an unusual location, you're on your own there. ;)
For FreeBSD and OpenBSD users, GNUTLS 0.8.10 works, but 0.8.6 doesn't (thanks, synic).
The notes below on installing GNUTLS as non-root may also be helpful, even if not exactly what you want.
Non-root Including Mozilla NSS and NSPR
Download the NSS and NSPR source and extract it. Then do:
~$ cd nss-3.9.2/mozilla/security/nss nss-3.9.2/mozilla/security/nss$ make nss_build_all nss-3.9.2/mozilla/security/nss$ make install
The Mozilla build system defaults to using the OS-supplied cc even if it's not in the path. If you're compiling on Solaris (and possibly other Unixes), you'll need to force the build to use gcc using the following commands instead:
nss-3.9.2/mozilla/security/nss$ NS_USE_GCC=1 make nss_build_all nss-3.9.2/mozilla/security/nss$ NS_USE_GCC=1 make install
On systems where make is not GNU make, use gmake. The above commands will build the libraries without optimizations and with debugging enabled. To build optimized libraries, use these commands instead:
nss-3.9.2/mozilla/security/nss$ make BUILD_OPT=1 nss_build_all nss-3.9.2/mozilla/security/nss$ make BUILD_OPT=1 install
To install the libraries and necessary headers, do the commands in the following block, but note that they require GNU find and GNU cp. These GNU tools can be found on Sunfreeware.com in the findutils and coreutils packages, respectively. Remember to make sure either that the GNU utilities are in your path before the OS versions or that you explicitly give the full path to the GNU utilities for all of the commands below.
nss-3.9.2/mozilla/security/nss$ mkdir -p $HOME/lib
nss-3.9.2/mozilla/security/nss$ mkdir -p $HOME/include/nspr
nss-3.9.2/mozilla/security/nss$ find ../../dist/*/lib -type l \
> \( -name "*.so" -o -name "*.chk" \) \
> -exec cp -L {} $HOME/lib \;
nss-3.9.2/mozilla/security/nss$ cp -Lr ../../dist/public/* $HOME/include
nss-3.9.2/mozilla/security/nss$ cp -Lr ../../dist/*/include/* $HOME/include/nspr
Now, to compile Pidgin, do the following after downloading and extracting the source:
~/pidgin$ ./configure --prefix=$HOME --with-nss-includes=$HOME/include/nss \ > --with-nspr-includes=$HOME/include/nspr --with-nss-libs=$HOME/lib \ > --with-nspr-libs=$HOME/lib ~/pidgin$ make ~/pidgin$ make install
After the above, you should be able to use Pidgin by running $HOME/bin/pidgin. In some cases it may be necessary to set LD_LIBRARY_PATH=$HOME/lib before running Pidgin.
Non-root Including GNUTLS
These instructions have been tested using the exact same versions of libraries specified in the GNUTLS section above, with the sole exception of libtasn1. GNUTLS includes a version of libtasn1 which seems to work. Install the libraries as follows.
libgpg-error:
~/libgpg-error$ ./configure --prefix=$HOME ~/libgpg-error$ make ~/libgpg-error$ make install
libgcrypt:
# fix the configure script! ~/libgcrypt$ perl -pi -e 's/ --prefix=\$gpg_error_config_prefix//' configure ~/libgcrypt$ ./configure --prefix=$HOME --with-gpg-error-prefix=$HOME ~/libgcrypt$ make ~/libgcrypt$ make install
GNUTLS:
~/gnutls$ LD_LIBRARY_PATH=$HOME/lib ./configure --prefix=$HOME --with-libgcrypt=$HOME ~/gnutls$ make ~/gnutls$ make install
Pidgin:
~/pidgin$ ./configure --prefix=$HOME --enable-gnutls=yes \ > --with-gnutls-libs=$HOME/lib --with-gnutls-includes=$HOME/include ~/pidgin$ make ~/pidgin$ make install
You should now be able to use Pidgin by running $HOME/bin/pidgin. In some cases, it might be necessary to set
LD_LIBRARY_PATH=$HOME/lib before running Pidgin.
Troubleshooting
Random Questions
(Reconstruction of this page is currently in progress. More to come soon!)
