--- a/faq-ssl.txt Wed May 23 19:13:49 2007 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,564 +0,0 @@
-A: This information was compiled by <a href="mailto:stu@nosnilmot.com">Stu Tomlinson</a>
-with much help from #pidgin
-Read the ChanServ notice? Read the Topic? Read the FAQ?
-Still having problems getting SSL to work with Pidgin?
-read on, maybe you're in luck. but probably not.
-A: Purple needs to be compiled with SSL support to work with MSN, and for
-SSL connections on Jabber (where the server supports it). You will need either
-GnuTLS (and all its dependencies) or Mozilla NSS & NSPR.
-<p>Mozilla 1.5 will not provide all the pieces for NSPR & NSS due to breakage in
-Mozilla that misses out some .h files (or something...). You might be able to
-install mozilla-{nss,nspr}{,-devel} from 1.4, or install nss from source, in
-parallel and link against those for purple. Or just use GnuTLS.</p>
-OpenSSL is not an option for SSL support in purple because the OpenSSL
-<a href="http://www.openssl.org/source/license.html">license</a>
-(BSD-style with advertising clause) is not compatible with the Purple license
-(<a href="http://www.gnu.org/licenses/gpl.html">GPL</a>).
-!SECTION Distribution Specific Tips
-If you want to compile from source, make sure you have
-<code>libgnutls11-dev</code> installed. You can ensure you have all the
-necessary build dependencies installed by running: <code>apt-get build-dep
-Note: libgnutls & libgnutls-dev (from woody) are known to NOT work
-Q: Fedora Core (3 & 4)
-A: Use the official Fedora Core packages from <a href="http://fedora.redhat.com/download/mirrors.html">
-a Fedora Core mirror</a>
-Q: Fedora Core (1 & 2)
-A: Use the Pidgin provided packages : <a href="http://sourceforge.net/project/showfiles.php?group_id=235">
-http://sourceforge.net/project/showfiles.php?group_id=235</a>
-A: Gentoo's ebuilds for Pidgin should "Just Work". Before you do
-anything, sync your Portage package database:
-<pre><code>emerge sync</code></pre>
-The most recent Pidgin version is usually not in Gentoo stable. To ensure you
-are using the most recent release in Portage, you may add the following line to
-<code>/etc/portage/package.keywords</code>. If you are not using x86, replace
-"~x86" with your CPU type, such as "~ppc" or "~sparc":
-<pre><code>net-im/pidgin ~x86</code></pre>
-Portage will build and install the NSS and NSPR packages automatically if you
-do not have them. Altenatively, if you add the following line to
-<code>/etc/portage/package.use</code>, Portage will automatically use GnuTLS
-instead, building and installing it if necessary:
-<pre><code>net-im/pidgin gnutls</code></pre>
-After you are satisfied with your configuration, run the following command
-to install the latest version available in Portage and any dependencies that
-<pre><code>emerge pidgin</code></pre>
-Also, don't forget that emerge is <b>not</b> a <a href="http://dictionary.reference.com/search?q=transitive%20verb">transitive verb</a>!
-A: If you're crazy enough to actually use LFS surely you're crazy enough to
-figure this out on your own? (or just see below on compiling from source)
-A: There are 3rd party RPMs for Mandrake 10.1 here:
-<a href="http://gaim.jesuschrist.be/">http://gaim.jesuschrist.be/</a>
-Q: Mandrake (9.2 & 10.0)
-A: Use the Pidgin provided packages : <a href="http://sourceforge.net/project/showfiles.php?group_id=235">
-http://sourceforge.net/project/showfiles.php?group_id=235</a>
-A: Use the Pidgin provided packages : <a href="http://sourceforge.net/project/showfiles.php?group_id=235">
-http://sourceforge.net/project/showfiles.php?group_id=235</a>
-Q: Red Hat Linux (<9)
-A: Please join this century.
-Q: Slackware (9.1, 10.0 & 10.1)
-A: There are sometimes 3rd party packages for Slackware 9.1, 10.0 and 10.1 here:
-<a href="http://www.linuxpackages.net/">http://www.linuxpackages.net/</a>).
-These packages may depend on other packages available from the same site.
-Or you can use the Pidgin source, with mozilla-1.4 installed (if you have another
-version of mozilla, try replacing 1.4 with your version number):
-<pre><code>./configure --with-nss-includes=/usr/include/mozilla-1.4/nss \
---with-nspr-includes=/usr/include/mozilla-1.4/nspr \
---with-nss-libs=/usr/lib/mozilla-1.4 \
---with-nspr-libs=/usr/lib/mozilla-1.4</code></pre>
-We are told that recently, Slack removed Mozilla-1.7.5 from Slackware-Current
-and replaced it with Mozilla-Firefox-1.0.1. This may change the exact
-location for the paths above.
-Also, you'll need to add /usr/lib/mozilla-1.4 to /etc/ld.so.conf and run ldconfig
-If you have Mozilla Firebird installed instead of plain Mozilla 1.4, you
-<i>might</i> be able to use the packages mentioned above by adding this
-directory to <code>/etc/ld.so.conf</code> and running <code>ldconfig</code> as
-<pre><code>/usr/lib/MozillaFirebird-0.7</code></pre>
-<p>This has been reported to work with Mozilla Firebird 0.7, other versions
-might work but this has not been thoroughly tested.</p>
-<p>Firefox also includes the necessary libraries, so if you have a binary package
-of Pidgin that was built with SSL support you may be able to add
-<code>/usr/lib/firefox</code> to <code>/etc/ld.so.conf</code> and run
-<code>ldconfig</code> as root.
-Q: SuSE (8.2, 9.0, 9.1, 9.2 & 9.3)
-A: There are 3rd party RPMs for SuSE 8.2, 9.0, 9.1 & 9.2 here :
-<a href="http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=Network%2Fgaim/">
-http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=Network%2Fgaim/</a>
-<b>Note</b>: These RPMs use GnuTLS for SSL support, but GnuTLS is not shipped
-with SuSE. You can get RPMs of GnuTLS (and OpenCDK & libtasn1, which are
-required by GnuTLS) from the same site.
-<b>Note2</b>: SuSE >= 9.1 <i>does</i> include GnuTLS, and you should
-use the SuSE provided GnuTLS with the Pidgin RPM from the above site.
-If you wish to compile Pidgin from source using Mozilla NSS, there
-are Mozilla NSS packages available on the same site, here:
-<a href="http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=%2FLibraries%2Fmozilla-nss/">
-http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=%2FLibraries%2Fmozilla-nss/</a>
-Q: Ubuntu (Warty 4.10 & Hoary 5.04)
-A: If you want to compile from source, make sure you have
-<code>libgnutls10-dev</code> installed.<br/>
-Lars-Erik Labori provided a nice easy to follow guide:
-First of all, you need to remove the old ubuntu Pidgin version:
-<pre><code>$ sudo apt-get remove pidgin</code></pre>
-1. You need to download the latest Pidgin source from <a href="/downloads.php">here</a>.<br/>
-2. You need to install the GNU TLS library development files:
-<pre><code>$ sudo apt-get install libgnutls10-dev</code></pre>
-<p>3. Compile Pidgin:</p>
-<pre><code>$ ./configure --enable-gnutls=yes
-$ sudo make install </code></pre>
-Your new Pidgin should be up and running.
-A: Compile from source. See the note below on GnuTLS versions that have
-been reported to work with *BSD, these tips might also help you:
-For i18n to work, you need to have gettext installed. It will probably stuff
-itself in /usr/local, so you need to configure like this:
-<pre><code>./configure --with-libintl-prefix=/usr/local</code></pre>
-Alternatively, if you only need to use English, you can disable i18n (and the
-dependancy on gettext) by configuring like so:
-<pre><code>./configure --disable-nls</code></pre>
-Apparently GnuTLS is no longer working for FreeBSD users (and possibly
-others), but it (apparently, again) does work with NSS/NSPR from ports
-<pre><code>cd /usr/ports/net/pidgin ; make WITHOUT_GNUTLS=t WITH_NSS=t WITHOUT_AUDIO=t package clean</code></pre>
-A: Compile from source. See the note below on GnuTLS versions that have
-been reported to work with *BSD, these tips might also help you:
-For i18n to work, you need to have gettext installed. It will probably stuff
-itself in /usr/local, so you need to configure like this:
-<pre><code>./configure --with-libintl-prefix=/usr/local</code></pre>
-Alternatively, if you only need to use English, you can disable i18n (and the
-dependancy on gettext) by configuring like so:
-<pre><code>./configure --disable-nls</code></pre>
-A: GnuTLS will get you SSL support, but with some caveats.
-See <a href="http://www.pidgin.im/faq2.php#q9">
-this faq entry</a> at our Sourceforge forum for some steps towards getting Pidgin running on IRIX.
-A: GnuTLS will get you SSL support.
-See <a href="http://www.pidgin.im/faq2.php#q10">
-this faq entry</a> at our Sourceforge forum for some steps towards getting
-Pidgin running on HP-UX.
-A: There are 3rd party packages for Solaris here :
-<a href="http://www.blastwave.org/">http://www.blastwave.org/</a>
-and here : <a href="http://sourceforge.net/project/showfiles.php?group_id=19386&package_id=98537">
-http://sourceforge.net/project/showfiles.php?group_id=19386&package_id=98537</a>
-If you use the package from blastwave.org and get this error: "Fatal: no
-entropy gathering module detected", make sure that you have the Solaris
-/dev/random patch installed (Solaris 8 (sparc): 112438, (x86): 112439), and
-that /dev/random is world readable.
-If you're compiling from source, you must make sure everything is compiled
-using gcc and not Sun's cc
-A: Information on setting up GnuTLS can be found at: <a href="http://alphamonkey.org/view.php?type=notes&id=309">
-http://alphamonkey.org/view.php?type=notes&id=309</a>
-A: Use the Pidgin provided packages : <a href="http://sourceforge.net/project/showfiles.php?group_id=235">
-http://sourceforge.net/project/showfiles.php?group_id=235</a>
-A: The Pidgin Autopackage needs either GnuTLS, or Mozilla NSS & NSPR, just like any other form of Pidgin.
-However, currently it requires a version of GnuTLS with an soversion of 11. A good way to find out is:
-<pre><code>/sbin/ldconfig -p | grep libgnutls</code></pre>
-and to look for a "libgnutls.so.11".
-If you have some other version (version 10 is common), it won't install, unless you have Mozilla NSS & NSPR
-for it to use instead. You may need to edit either the file /etc/ld.so.conf or the enviromental variable
-LD_LIBRARY_PATH in order for it to find NSS & NSPR, however, because Mozilla NSS & NSPR are often installed
-at some place like /usr/lib/mozilla-{version} or /usr/lib/firefox-{version}. See also the hints here for your specific
-Q: SCO (anything, anyversion)
-A: You're kidding, right? This stuff is licensed under the GPL, and SCO don't
-<p>If that isn't enough to get you to use a decent OS, consider this:</p>
-<blockquote><p>"If Darl McBride was in charge, he'd probably make marriage
-unconstitutional too, since clearly it de-emphasizes the commercial nature
-of normal human interaction, and probably is a major impediment to the
-commercial growth of prostitution."</p>
-<div style="text-align: right;">- Linus Torvalds, December 5th 2003.</div>
-<p>(Darl McBride is CEO of The SCO Group)</p>
-!SECTION Compiling from source
-A: I strongly recommend you use pre-packaged binaries where possible, however if you MUST
-use source, these tips might help you. GnuTLS is the (developers) preferred
-option, but I've witnessed more success with Mozilla NSS & NSPR
-Q: Mozilla NSS & NSPR
-A: Mozilla NSS & NSPR can be found here:<br />
-<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/src/nss-3.9.2.tar.gz ">
-ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/src/nss-3.9.2.tar.gz</a>
-(despite it's name, it contains both NSS & NSPR)
-<pre><code>--with-{nss,nspr}-includes should point to the directory with the .h files in (eg. nspr.h)
---with-{nss,nspr}-libs should point to the directory with the .so files in (eg. libnss3.so)</code></pre>
-<p>If you can't add to <code>/etc/ld.so.conf</code> (or your (*nix) OS doesn't have one) set
-the <code>LD_LIBRARY_PATH</code> environment variable instead, either before running Pidgin or
-(for bourne shell & bash) on the Pidgin command line, eg.
-<pre><code>setenv LD_LIBRARY_PATH /usr/lib/mozilla-1.4</code></pre>
-<pre><code>LD_LIBRARY_PATH=/usr/lib/mozilla-1.4 ; export LD_LIBRARY_PATH</code></pre>
-or sh/bash: run Pidgin with this command:
-<pre><code>LD_LIBRARY_PATH=/usr/lib/mozilla-1.4 pidgin</code></pre>
-If you have multiple versions of Mozilla installed, you might have some
-problems with which version is detected by <code>./configure</code> and which
-libs are used at runtime. This is because, by default,
-<code>./configure</code> uses pkg-config to find the Mozilla NSS & NSPR
-libs and includes. If you explicitly specify the Mozilla libs and includes
-to use with the --with-nss etc. options to <code>./configure</code> then
-pkg-config will not be used, and you might have more success.
-The notes below on installing Mozilla NSS & NSPR might also help.
-A: Thanks to sofar on #pidgin for this:
-Here's a list in the proper order which you need to install/compile, the
-versions and links I give compile normally on a reasonably clean system.
-libgpg-error (needed by libgcrypt):
-<a href="ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error/libgpg-error-0.5.tar.gz">
-ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error/libgpg-error-0.5.tar.gz</a>
-libgcrypt (needed by GnuTLS):
-<a href="ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.43.tar.gz">
-ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.43.tar.gz</a>
-libtasn1 (needed by GnuTLS):
-<a href="ftp://ftp.gnutls.org/pub/gnutls/libtasn1/attic/libtasn1-0.2.6.tar.gz">
-ftp://ftp.gnutls.org/pub/gnutls/libtasn1/attic/libtasn1-0.2.6.tar.gz</a>
-GnuTLS (needed by Pidgin):
-<a href="ftp://ftp.gnutls.org/pub/gnutls/attic/gnutls-0.9.91.tar.gz">
-ftp://ftp.gnutls.org/pub/gnutls/attic/gnutls-0.9.91.tar.gz</a>
-libopencdk is a PITA, don't use it, GnuTLS will break. Also version 0.9.92 of
-GnuTLS doesn't compile because the maintainer forgot to add 1 file needed. 0.9.91
-You shouldn't need to pass any --with-xxx-libs/include to Pidgin since everything is
-by default put in the normal include/lib dirs on my system. If you put any of the libs in
-obscure places you are daft, just don't do that ;^).
-For FreeBSD (and, it seems, OpenBSD) users:
-<blockquote><p><synic> ok, gnutls 0.8.10 officially works on FreeBSD<br />
-<synic> and 0.8.6 doesn't :)</p></blockquote>
-The notes below on installing GnuTLS as non-root might also help.
-Q: Non-root (mozilla-{nss,nspr} or GnuTLS already installed)
-A: If you don't have root access on the system you're trying to install Pidgin
-on, you need to configure Pidgin to install under your home directory.
-<pre><code>./configure --prefix=$HOME</code></pre>
-If there are additional dependancies required that are not installed on
-the system, you'll need to install those in a similar manner and pass the
-correct locations to Pidgin's ./configure as shown in the next sections.
-Q: Non-root including mozilla-{nss,nspr}
-A: Download NSS & NSPR source from here:
-<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/src/nss-3.9.2.tar.gz ">
-ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/src/nss-3.9.2.tar.gz</a>
-Extract nss-3.9.2.tar.gz
-<pre><code>cd nss-3.9.2/mozilla/security/nss
-make install</code></pre>
-<p>If compiling on Solaris (and maybe other Unixes), the Mozilla build system
-defaults to using the OS supplied cc even if it's not in the path. You must
-force the build to use gcc using these make commands instead of the above.
-Also, make sure you have a relatively recent gcc (3.2.x has been reported to
-work, 3.1.x has been reported to fail). Thanks to Bill Tompkins for these
-NS_USE_GCC=1 make nss_build_all
-NS_USE_GCC=1 make install</code></pre>
-On systems where make is not GNU make, use gmake. The above commands will
-build the libraries without optimizations and with debugging enabled. To build
-optimized libraries use these commands:
-make BUILD_OPT=1 nss_build_all
-make BUILD_OPT=1 install</code></pre>
-<pre><code>mkdir -p $HOME/lib
-mkdir -p $HOME/include/nspr
-find ../../dist/*/lib -type l \
- \( -name "*.so" -o -name "*.chk" \) \
- -exec cp -L {} $HOME/lib \;
-cp -Lr ../../dist/public/* $HOME/include
-cp -Lr ../../dist/*/include/* $HOME/include/nspr</code></pre>
-The above lines require GNU find & GNU cp, on Solaris you can get these from
-<a href="http://www.sunfreeware.com/">Sunfreeware.com</a> in the findutils and
-coreutils packages (remember to make sure the GNU commands are in your path
-before the OS versions).
-<pre><code>./configure --prefix=$HOME \
---with-nss-includes=$HOME/include/nss \
---with-nspr-includes=$HOME/include/nspr \
---with-nss-libs=$HOME/lib \
---with-nspr-libs=$HOME/lib
-make install</code></pre>
-You should now be able to use Pidgin by running <code>$HOME/bin/pidgin</code><br />
-In some cases, it might be necessary to set
-<code>LD_LIBRARY_PATH=$HOME/lib</code>
-Q: Non-root including GnuTLS
-A: This has been tested using the exact same versions of applications specified
-above in the GnuTLS section, with the exception of libtasn1 (GnuTLS actually
-includes a version of libtasn1 which seems to work).
-<pre><code>./configure --prefix=$HOME
-make install</code></pre>
-<pre><code># fix the configure script!
-perl -pi -e 's/ --prefix=\$gpg_error_config_prefix//' configure
-./configure --prefix=$HOME --with-gpg-error-prefix=$HOME
-make install</code></pre>
-<pre><code>LD_LIBRARY_PATH=$HOME/lib ./configure \
- --prefix=$HOME --with-libgcrypt=$HOME
-make install</code></pre>
-<pre><code>./configure --prefix=$HOME --enable-gnutls=yes \
---with-gnutls-libs=$HOME/lib \
---with-gnutls-includes=$HOME/include
-make install</code></pre>
-You should now be able to use Pidgin by running <code>$HOME/bin/pidgin</code><br />
-In some cases, it might be necessary to set
-<code>LD_LIBRARY_PATH=$HOME/lib</code>
-before running Pidgin (this was not necessary on the tested system)
-!SECTION Troubleshooting
-A: ./configure will tell you when it is finished what SSL implementation
-is going to be used. You will get one of these 4 lines:
-<pre><code>SSL Library/Libraries......... : None
-SSL Library/Libraries......... : Mozilla NSS
-SSL Library/Libraries......... : GnuTLS
-SSL Library/Libraries......... : Mozilla NSS and GnuTLS</code></pre>
-It should be fairly obvious that if it says "None", it is not going to work
-for you, so you should fix that by making sure you're passing the right
---with-xxx-libs & --with-xxx-includes as described above before even bothering
-to try "make".
-A: If <code>./configure</code> said it was going to compile with SSL but
-the make fails to build, it is likely that you have a broken installation of
-the chosen SSL libs. If you did not specify any --with-xxx-libs or
---with-xxx-includes when running configure, try explicitly pointing it at your
-SSL libs & includes.
-If it still fails during <code>make</code>, you should probably try the other
-SSL option and explictly disable the one that failed with
-<code>--enable-nss=no</code> or <code>--enable-gnutls=no</code> as appropriate.
-A: If you've managed to build Pidgin, with SSL support reported by
-<code>./configure</code> and without any build failures, but when running it
-still complains, there are a few things you can try.
-Make sure that you only have one copy of Pidgin installed, it is possible that
-there is another one in your path that does not have SSL support. You can
-check which Pidgin is being run with "<code>which pidgin</code>", or you
-can be sure to run the version you've just compiled by specifiying the full
-path to it. Note: <code>./configure</code> will warn you if it finds an old
-version of Pidgin already installed.
-If you are sure that you are running your freshly compiled Pidgin, check Pidgin's
-SSL plugin is actually linked to the necessary libs. If you compiled with
-Mozilla NSS, you can do this (replace /usr/local/lib with the prefix you
-<pre><code>$ ldd /usr/local/lib/purple/ssl-nss.so
-libnsl.so.1 => /lib/libnsl.so.1 (0x40023000)
-libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
-/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)</code></pre>
-That one is NOT linked against NSS, and will not work. Go back to the
-beginning and try again (or, if you also compiled with GnuTLS, keep reading).
-<pre><code>$ ldd /usr/local/lib/purple/ssl-nss.so
-libnss3.so => /usr/lib/libnss3.so (0x4004e000)
-libsmime3.so => /usr/lib/libsmime3.so (0x400b0000)
-libssl3.so => /usr/lib/libssl3.so (0x400d0000)
-libsoftokn3.so => /usr/lib/libsoftokn3.so (0x400f0000)
-libpthread.so.0 => /lib/i686/libpthread.so.0 (0x40155000)
-libdl.so.2 => /lib/libdl.so.2 (0x401a5000)
-libnsl.so.1 => /lib/libnsl.so.1 (0x401a8000)
-libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
-libplc4.so => /usr/lib/libplc4.so (0x401bf000)
-libplds4.so => /usr/lib/libplds4.so (0x401c4000)
-libnspr4.so => /usr/lib/libnspr4.so (0x401c7000)
-/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)</code></pre>
-That one is linked against the necessary things, and all libs were found. If
-any of the bits on the right say "not found", then the compile worked but the
-libs cannot be found by the dynamic loader. See notes above about
-<code>/etc/ld.so.conf</code>, <code>ldconfig</code> and the LD_LIBRARY_PATH
-If you compiled with GnuTLS (or both), the steps to check the purple SSL plugin
-are similar to above, except the file to check is <code>ssl-gnutls.so</code>.
-The output should look like this if all is good:
-<pre><code>$ ldd /usr/local/lib/purple/ssl-gnutls.so
-libgnutls.so.8 => /usr/lib/libgnutls.so.8 (0x40003000)
-libgcrypt.so.7 => /usr/lib/libgcrypt.so.7 (0x4005e000)
-libnsl.so.1 => /lib/libnsl.so.1 (0x400c6000)
-libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
-libz.so.1 => /usr/lib/libz.so.1 (0x400dc000)
-libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x400ea000)
-/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)</code></pre>
-For completeness, here's the output if it can't find some of the libs:
-<pre><code>libgnutls.so.8 => not found
-libgcrypt.so.7 => not found
-libnsl.so.1 => /lib/libnsl.so.1 (0x002b7000)
-libc.so.6 => /lib/tls/libc.so.6 (0x004f4000)
-/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x0088d000)</code></pre>