--- a/faq-ssl.txt Wed May 23 19:13:49 2007 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,564 +0,0 @@
-A: This information was compiled by <a href="mailto:stu@nosnilmot.com">Stu Tomlinson</a>-with much help from #pidgin-Read the ChanServ notice? Read the Topic? Read the FAQ?-Still having problems getting SSL to work with Pidgin?-read on, maybe you're in luck. but probably not.-A: Purple needs to be compiled with SSL support to work with MSN, and for-SSL connections on Jabber (where the server supports it). You will need either-GnuTLS (and all its dependencies) or Mozilla NSS & NSPR.-<p>Mozilla 1.5 will not provide all the pieces for NSPR & NSS due to breakage in-Mozilla that misses out some .h files (or something...). You might be able to-install mozilla-{nss,nspr}{,-devel} from 1.4, or install nss from source, in-parallel and link against those for purple. Or just use GnuTLS.</p>-OpenSSL is not an option for SSL support in purple because the OpenSSL -<a href="http://www.openssl.org/source/license.html">license</a>-(BSD-style with advertising clause) is not compatible with the Purple license-(<a href="http://www.gnu.org/licenses/gpl.html">GPL</a>).-!SECTION Distribution Specific Tips-If you want to compile from source, make sure you have-<code>libgnutls11-dev</code> installed. You can ensure you have all the-necessary build dependencies installed by running: <code>apt-get build-dep-Note: libgnutls & libgnutls-dev (from woody) are known to NOT work-Q: Fedora Core (3 & 4)-A: Use the official Fedora Core packages from <a href="http://fedora.redhat.com/download/mirrors.html">-a Fedora Core mirror</a>-Q: Fedora Core (1 & 2)-A: Use the Pidgin provided packages : <a href="http://sourceforge.net/project/showfiles.php?group_id=235">-http://sourceforge.net/project/showfiles.php?group_id=235</a>-A: Gentoo's ebuilds for Pidgin should "Just Work". Before you do-anything, sync your Portage package database:-<pre><code>emerge sync</code></pre>-The most recent Pidgin version is usually not in Gentoo stable. To ensure you-are using the most recent release in Portage, you may add the following line to-<code>/etc/portage/package.keywords</code>. If you are not using x86, replace-"~x86" with your CPU type, such as "~ppc" or "~sparc":-<pre><code>net-im/pidgin ~x86</code></pre>-Portage will build and install the NSS and NSPR packages automatically if you-do not have them. Altenatively, if you add the following line to-<code>/etc/portage/package.use</code>, Portage will automatically use GnuTLS-instead, building and installing it if necessary:-<pre><code>net-im/pidgin gnutls</code></pre>-After you are satisfied with your configuration, run the following command-to install the latest version available in Portage and any dependencies that-<pre><code>emerge pidgin</code></pre>-Also, don't forget that emerge is <b>not</b> a <a href="http://dictionary.reference.com/search?q=transitive%20verb">transitive verb</a>!-A: If you're crazy enough to actually use LFS surely you're crazy enough to-figure this out on your own? (or just see below on compiling from source)-A: There are 3rd party RPMs for Mandrake 10.1 here:-<a href="http://gaim.jesuschrist.be/">http://gaim.jesuschrist.be/</a>-Q: Mandrake (9.2 & 10.0)-A: Use the Pidgin provided packages : <a href="http://sourceforge.net/project/showfiles.php?group_id=235">-http://sourceforge.net/project/showfiles.php?group_id=235</a>-A: Use the Pidgin provided packages : <a href="http://sourceforge.net/project/showfiles.php?group_id=235">-http://sourceforge.net/project/showfiles.php?group_id=235</a>-Q: Red Hat Linux (<9)-A: Please join this century.-Q: Slackware (9.1, 10.0 & 10.1)-A: There are sometimes 3rd party packages for Slackware 9.1, 10.0 and 10.1 here:-<a href="http://www.linuxpackages.net/">http://www.linuxpackages.net/</a>).-These packages may depend on other packages available from the same site.-Or you can use the Pidgin source, with mozilla-1.4 installed (if you have another-version of mozilla, try replacing 1.4 with your version number):-<pre><code>./configure --with-nss-includes=/usr/include/mozilla-1.4/nss \---with-nspr-includes=/usr/include/mozilla-1.4/nspr \
---with-nss-libs=/usr/lib/mozilla-1.4 \
---with-nspr-libs=/usr/lib/mozilla-1.4</code></pre>
-We are told that recently, Slack removed Mozilla-1.7.5 from Slackware-Current-and replaced it with Mozilla-Firefox-1.0.1. This may change the exact-location for the paths above.-Also, you'll need to add /usr/lib/mozilla-1.4 to /etc/ld.so.conf and run ldconfig-If you have Mozilla Firebird installed instead of plain Mozilla 1.4, you-<i>might</i> be able to use the packages mentioned above by adding this-directory to <code>/etc/ld.so.conf</code> and running <code>ldconfig</code> as-<pre><code>/usr/lib/MozillaFirebird-0.7</code></pre>-<p>This has been reported to work with Mozilla Firebird 0.7, other versions-might work but this has not been thoroughly tested.</p>-<p>Firefox also includes the necessary libraries, so if you have a binary package-of Pidgin that was built with SSL support you may be able to add-<code>/usr/lib/firefox</code> to <code>/etc/ld.so.conf</code> and run-<code>ldconfig</code> as root.-Q: SuSE (8.2, 9.0, 9.1, 9.2 & 9.3)-A: There are 3rd party RPMs for SuSE 8.2, 9.0, 9.1 & 9.2 here :-<a href="http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=Network%2Fgaim/">-http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=Network%2Fgaim/</a>-<b>Note</b>: These RPMs use GnuTLS for SSL support, but GnuTLS is not shipped-with SuSE. You can get RPMs of GnuTLS (and OpenCDK & libtasn1, which are-required by GnuTLS) from the same site.-<b>Note2</b>: SuSE >= 9.1 <i>does</i> include GnuTLS, and you should-use the SuSE provided GnuTLS with the Pidgin RPM from the above site.-If you wish to compile Pidgin from source using Mozilla NSS, there-are Mozilla NSS packages available on the same site, here:-<a href="http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=%2FLibraries%2Fmozilla-nss/">-http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=%2FLibraries%2Fmozilla-nss/</a>-Q: Ubuntu (Warty 4.10 & Hoary 5.04)-A: If you want to compile from source, make sure you have-<code>libgnutls10-dev</code> installed.<br/>-Lars-Erik Labori provided a nice easy to follow guide:-First of all, you need to remove the old ubuntu Pidgin version:-<pre><code>$ sudo apt-get remove pidgin</code></pre>-1. You need to download the latest Pidgin source from <a href="/downloads.php">here</a>.<br/>-2. You need to install the GNU TLS library development files:-<pre><code>$ sudo apt-get install libgnutls10-dev</code></pre>-<p>3. Compile Pidgin:</p>-<pre><code>$ ./configure --enable-gnutls=yes-$ sudo make install </code></pre>-Your new Pidgin should be up and running.-A: Compile from source. See the note below on GnuTLS versions that have-been reported to work with *BSD, these tips might also help you:-For i18n to work, you need to have gettext installed. It will probably stuff-itself in /usr/local, so you need to configure like this:-<pre><code>./configure --with-libintl-prefix=/usr/local</code></pre>-Alternatively, if you only need to use English, you can disable i18n (and the-dependancy on gettext) by configuring like so:-<pre><code>./configure --disable-nls</code></pre>-Apparently GnuTLS is no longer working for FreeBSD users (and possibly-others), but it (apparently, again) does work with NSS/NSPR from ports-<pre><code>cd /usr/ports/net/pidgin ; make WITHOUT_GNUTLS=t WITH_NSS=t WITHOUT_AUDIO=t package clean</code></pre>-A: Compile from source. See the note below on GnuTLS versions that have-been reported to work with *BSD, these tips might also help you:-For i18n to work, you need to have gettext installed. It will probably stuff-itself in /usr/local, so you need to configure like this:-<pre><code>./configure --with-libintl-prefix=/usr/local</code></pre>-Alternatively, if you only need to use English, you can disable i18n (and the-dependancy on gettext) by configuring like so:-<pre><code>./configure --disable-nls</code></pre>-A: GnuTLS will get you SSL support, but with some caveats.-See <a href="http://www.pidgin.im/faq2.php#q9">-this faq entry</a> at our Sourceforge forum for some steps towards getting Pidgin running on IRIX.-A: GnuTLS will get you SSL support.-See <a href="http://www.pidgin.im/faq2.php#q10">-this faq entry</a> at our Sourceforge forum for some steps towards getting-Pidgin running on HP-UX.-A: There are 3rd party packages for Solaris here :-<a href="http://www.blastwave.org/">http://www.blastwave.org/</a>-and here : <a href="http://sourceforge.net/project/showfiles.php?group_id=19386&package_id=98537">-http://sourceforge.net/project/showfiles.php?group_id=19386&package_id=98537</a>-If you use the package from blastwave.org and get this error: "Fatal: no-entropy gathering module detected", make sure that you have the Solaris-/dev/random patch installed (Solaris 8 (sparc): 112438, (x86): 112439), and-that /dev/random is world readable.-If you're compiling from source, you must make sure everything is compiled-using gcc and not Sun's cc-A: Information on setting up GnuTLS can be found at: <a href="http://alphamonkey.org/view.php?type=notes&id=309">-http://alphamonkey.org/view.php?type=notes&id=309</a>-A: Use the Pidgin provided packages : <a href="http://sourceforge.net/project/showfiles.php?group_id=235">-http://sourceforge.net/project/showfiles.php?group_id=235</a>-A: The Pidgin Autopackage needs either GnuTLS, or Mozilla NSS & NSPR, just like any other form of Pidgin.-However, currently it requires a version of GnuTLS with an soversion of 11. A good way to find out is:-<pre><code>/sbin/ldconfig -p | grep libgnutls</code></pre>-and to look for a "libgnutls.so.11".-If you have some other version (version 10 is common), it won't install, unless you have Mozilla NSS & NSPR-for it to use instead. You may need to edit either the file /etc/ld.so.conf or the enviromental variable-LD_LIBRARY_PATH in order for it to find NSS & NSPR, however, because Mozilla NSS & NSPR are often installed-at some place like /usr/lib/mozilla-{version} or /usr/lib/firefox-{version}. See also the hints here for your specific-Q: SCO (anything, anyversion)-A: You're kidding, right? This stuff is licensed under the GPL, and SCO don't-<p>If that isn't enough to get you to use a decent OS, consider this:</p>-<blockquote><p>"If Darl McBride was in charge, he'd probably make marriage-unconstitutional too, since clearly it de-emphasizes the commercial nature-of normal human interaction, and probably is a major impediment to the-commercial growth of prostitution."</p>-<div style="text-align: right;">- Linus Torvalds, December 5th 2003.</div>-<p>(Darl McBride is CEO of The SCO Group)</p>-!SECTION Compiling from source-A: I strongly recommend you use pre-packaged binaries where possible, however if you MUST-use source, these tips might help you. GnuTLS is the (developers) preferred-option, but I've witnessed more success with Mozilla NSS & NSPR-Q: Mozilla NSS & NSPR-A: Mozilla NSS & NSPR can be found here:<br />-<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/src/nss-3.9.2.tar.gz ">-ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/src/nss-3.9.2.tar.gz</a>-(despite it's name, it contains both NSS & NSPR)-<pre><code>--with-{nss,nspr}-includes should point to the directory with the .h files in (eg. nspr.h)---with-{nss,nspr}-libs should point to the directory with the .so files in (eg. libnss3.so)</code></pre>
-<p>If you can't add to <code>/etc/ld.so.conf</code> (or your (*nix) OS doesn't have one) set-the <code>LD_LIBRARY_PATH</code> environment variable instead, either before running Pidgin or-(for bourne shell & bash) on the Pidgin command line, eg.-<pre><code>setenv LD_LIBRARY_PATH /usr/lib/mozilla-1.4</code></pre>-<pre><code>LD_LIBRARY_PATH=/usr/lib/mozilla-1.4 ; export LD_LIBRARY_PATH</code></pre>-or sh/bash: run Pidgin with this command:-<pre><code>LD_LIBRARY_PATH=/usr/lib/mozilla-1.4 pidgin</code></pre>-If you have multiple versions of Mozilla installed, you might have some-problems with which version is detected by <code>./configure</code> and which-libs are used at runtime. This is because, by default,-<code>./configure</code> uses pkg-config to find the Mozilla NSS & NSPR-libs and includes. If you explicitly specify the Mozilla libs and includes-to use with the --with-nss etc. options to <code>./configure</code> then-pkg-config will not be used, and you might have more success.-The notes below on installing Mozilla NSS & NSPR might also help.-A: Thanks to sofar on #pidgin for this:-Here's a list in the proper order which you need to install/compile, the-versions and links I give compile normally on a reasonably clean system.-libgpg-error (needed by libgcrypt):-<a href="ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error/libgpg-error-0.5.tar.gz">-ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error/libgpg-error-0.5.tar.gz</a>-libgcrypt (needed by GnuTLS):-<a href="ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.43.tar.gz">-ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.43.tar.gz</a>-libtasn1 (needed by GnuTLS):-<a href="ftp://ftp.gnutls.org/pub/gnutls/libtasn1/attic/libtasn1-0.2.6.tar.gz">-ftp://ftp.gnutls.org/pub/gnutls/libtasn1/attic/libtasn1-0.2.6.tar.gz</a>-GnuTLS (needed by Pidgin):-<a href="ftp://ftp.gnutls.org/pub/gnutls/attic/gnutls-0.9.91.tar.gz">-ftp://ftp.gnutls.org/pub/gnutls/attic/gnutls-0.9.91.tar.gz</a>-libopencdk is a PITA, don't use it, GnuTLS will break. Also version 0.9.92 of-GnuTLS doesn't compile because the maintainer forgot to add 1 file needed. 0.9.91-You shouldn't need to pass any --with-xxx-libs/include to Pidgin since everything is-by default put in the normal include/lib dirs on my system. If you put any of the libs in-obscure places you are daft, just don't do that ;^).-For FreeBSD (and, it seems, OpenBSD) users:-<blockquote><p><synic> ok, gnutls 0.8.10 officially works on FreeBSD<br />-<synic> and 0.8.6 doesn't :)</p></blockquote>-The notes below on installing GnuTLS as non-root might also help.-Q: Non-root (mozilla-{nss,nspr} or GnuTLS already installed)-A: If you don't have root access on the system you're trying to install Pidgin -on, you need to configure Pidgin to install under your home directory.-<pre><code>./configure --prefix=$HOME</code></pre>-If there are additional dependancies required that are not installed on-the system, you'll need to install those in a similar manner and pass the-correct locations to Pidgin's ./configure as shown in the next sections.-Q: Non-root including mozilla-{nss,nspr}-A: Download NSS & NSPR source from here:-<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/src/nss-3.9.2.tar.gz ">-ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/src/nss-3.9.2.tar.gz</a>-Extract nss-3.9.2.tar.gz-<pre><code>cd nss-3.9.2/mozilla/security/nss-make install</code></pre>-<p>If compiling on Solaris (and maybe other Unixes), the Mozilla build system-defaults to using the OS supplied cc even if it's not in the path. You must-force the build to use gcc using these make commands instead of the above.-Also, make sure you have a relatively recent gcc (3.2.x has been reported to-work, 3.1.x has been reported to fail). Thanks to Bill Tompkins for these-NS_USE_GCC=1 make nss_build_all-NS_USE_GCC=1 make install</code></pre>-On systems where make is not GNU make, use gmake. The above commands will-build the libraries without optimizations and with debugging enabled. To build-optimized libraries use these commands:-make BUILD_OPT=1 nss_build_all-make BUILD_OPT=1 install</code></pre>-<pre><code>mkdir -p $HOME/lib-mkdir -p $HOME/include/nspr-find ../../dist/*/lib -type l \- \( -name "*.so" -o -name "*.chk" \) \- -exec cp -L {} $HOME/lib \;-cp -Lr ../../dist/public/* $HOME/include-cp -Lr ../../dist/*/include/* $HOME/include/nspr</code></pre>-The above lines require GNU find & GNU cp, on Solaris you can get these from-<a href="http://www.sunfreeware.com/">Sunfreeware.com</a> in the findutils and-coreutils packages (remember to make sure the GNU commands are in your path-before the OS versions).-<pre><code>./configure --prefix=$HOME \---with-nss-includes=$HOME/include/nss \
---with-nspr-includes=$HOME/include/nspr \
---with-nss-libs=$HOME/lib \
---with-nspr-libs=$HOME/lib
-make install</code></pre>-You should now be able to use Pidgin by running <code>$HOME/bin/pidgin</code><br />-In some cases, it might be necessary to set-<code>LD_LIBRARY_PATH=$HOME/lib</code>-Q: Non-root including GnuTLS-A: This has been tested using the exact same versions of applications specified-above in the GnuTLS section, with the exception of libtasn1 (GnuTLS actually-includes a version of libtasn1 which seems to work).-<pre><code>./configure --prefix=$HOME-make install</code></pre>-<pre><code># fix the configure script!-perl -pi -e 's/ --prefix=\$gpg_error_config_prefix//' configure-./configure --prefix=$HOME --with-gpg-error-prefix=$HOME-make install</code></pre>-<pre><code>LD_LIBRARY_PATH=$HOME/lib ./configure \- --prefix=$HOME --with-libgcrypt=$HOME-make install</code></pre>-<pre><code>./configure --prefix=$HOME --enable-gnutls=yes \---with-gnutls-libs=$HOME/lib \
---with-gnutls-includes=$HOME/include
-make install</code></pre>-You should now be able to use Pidgin by running <code>$HOME/bin/pidgin</code><br />-In some cases, it might be necessary to set-<code>LD_LIBRARY_PATH=$HOME/lib</code>-before running Pidgin (this was not necessary on the tested system)-!SECTION Troubleshooting-A: ./configure will tell you when it is finished what SSL implementation-is going to be used. You will get one of these 4 lines:-<pre><code>SSL Library/Libraries......... : None-SSL Library/Libraries......... : Mozilla NSS-SSL Library/Libraries......... : GnuTLS-SSL Library/Libraries......... : Mozilla NSS and GnuTLS</code></pre>-It should be fairly obvious that if it says "None", it is not going to work-for you, so you should fix that by making sure you're passing the right---with-xxx-libs & --with-xxx-includes as described above before even bothering
-to try "make".-A: If <code>./configure</code> said it was going to compile with SSL but-the make fails to build, it is likely that you have a broken installation of-the chosen SSL libs. If you did not specify any --with-xxx-libs or---with-xxx-includes when running configure, try explicitly pointing it at your
-SSL libs & includes.-If it still fails during <code>make</code>, you should probably try the other-SSL option and explictly disable the one that failed with-<code>--enable-nss=no</code> or <code>--enable-gnutls=no</code> as appropriate.-A: If you've managed to build Pidgin, with SSL support reported by-<code>./configure</code> and without any build failures, but when running it-still complains, there are a few things you can try.-Make sure that you only have one copy of Pidgin installed, it is possible that-there is another one in your path that does not have SSL support. You can-check which Pidgin is being run with "<code>which pidgin</code>", or you-can be sure to run the version you've just compiled by specifiying the full-path to it. Note: <code>./configure</code> will warn you if it finds an old-version of Pidgin already installed.-If you are sure that you are running your freshly compiled Pidgin, check Pidgin's-SSL plugin is actually linked to the necessary libs. If you compiled with-Mozilla NSS, you can do this (replace /usr/local/lib with the prefix you-<pre><code>$ ldd /usr/local/lib/purple/ssl-nss.so-libnsl.so.1 => /lib/libnsl.so.1 (0x40023000)-libc.so.6 => /lib/i686/libc.so.6 (0x42000000)-/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)</code></pre>-That one is NOT linked against NSS, and will not work. Go back to the-beginning and try again (or, if you also compiled with GnuTLS, keep reading).-<pre><code>$ ldd /usr/local/lib/purple/ssl-nss.so-libnss3.so => /usr/lib/libnss3.so (0x4004e000)-libsmime3.so => /usr/lib/libsmime3.so (0x400b0000)-libssl3.so => /usr/lib/libssl3.so (0x400d0000)-libsoftokn3.so => /usr/lib/libsoftokn3.so (0x400f0000)-libpthread.so.0 => /lib/i686/libpthread.so.0 (0x40155000)-libdl.so.2 => /lib/libdl.so.2 (0x401a5000)-libnsl.so.1 => /lib/libnsl.so.1 (0x401a8000)-libc.so.6 => /lib/i686/libc.so.6 (0x42000000)-libplc4.so => /usr/lib/libplc4.so (0x401bf000)-libplds4.so => /usr/lib/libplds4.so (0x401c4000)-libnspr4.so => /usr/lib/libnspr4.so (0x401c7000)-/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)</code></pre>-That one is linked against the necessary things, and all libs were found. If-any of the bits on the right say "not found", then the compile worked but the-libs cannot be found by the dynamic loader. See notes above about-<code>/etc/ld.so.conf</code>, <code>ldconfig</code> and the LD_LIBRARY_PATH-If you compiled with GnuTLS (or both), the steps to check the purple SSL plugin-are similar to above, except the file to check is <code>ssl-gnutls.so</code>.-The output should look like this if all is good:-<pre><code>$ ldd /usr/local/lib/purple/ssl-gnutls.so-libgnutls.so.8 => /usr/lib/libgnutls.so.8 (0x40003000)-libgcrypt.so.7 => /usr/lib/libgcrypt.so.7 (0x4005e000)-libnsl.so.1 => /lib/libnsl.so.1 (0x400c6000)-libc.so.6 => /lib/i686/libc.so.6 (0x42000000)-libz.so.1 => /usr/lib/libz.so.1 (0x400dc000)-libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x400ea000)-/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)</code></pre>-For completeness, here's the output if it can't find some of the libs:-<pre><code>libgnutls.so.8 => not found-libgcrypt.so.7 => not found-libnsl.so.1 => /lib/libnsl.so.1 (0x002b7000)-libc.so.6 => /lib/tls/libc.so.6 (0x004f4000)-/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x0088d000)</code></pre>