SSL and Gaim/Pidgin

Piers Harding piers at ompka.net
Tue Jul 24 05:39:57 UTC 2007 

Hi - pidgin can be compiled with either GNUTls or NSPR4 support.  I have
it running successfully with GNUTls (not tried the other), which might
make a difference.

Cheers.



On Mon, Jul 23, 2007 at 05:37:49PM -0400, Edward Rudd wrote:
> ARGH.
> 
> Ok..  if I use Pidgin on win32, TLS ssl works fine, if I use psi on
> linux, works fine. However, if I use pidgin on linux it does not connect
> reliably to djabberd w/ SSL.
> 
> The error (running djabberd in debug mode)
> 
> ** (Pidgin on linux/Fedora 7)
> DEBUG DJabberd.Connection.ClientIn             New connection '17' from
> 192.168.0.73
> setting ssl (35245712) fileno to 16
> DJabberd::Connection::ClientIn=ARRAY(0x2091c80):  Cipher `(NONE)'
> SSL_read 18340: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
> version number
> SSL Read error: SSL_read 18340: 1 - error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
> 
> DEBUG DJabberd.Connection.ClientIn             DISCONNECT: 17
> 
> ** (Pidgin on win32)
> DEBUG DJabberd.Connection.ClientIn             New connection '11' from
> 192.168.0.102
> setting ssl (35043984) fileno to 8
> DJabberd::Connection::ClientIn=ARRAY(0x2026500):  Cipher `(NONE)'
> INFO  DJabberd.VHost                           Registering
> 'tbeihold at lan.netfor.com/Home' to connection '11'
> 
> ** PSI on linux
> DEBUG DJabberd.Connection.OldSSLClientIn       New connection '1' from
> 192.168.0.73
> setting ssl (33096192) fileno to 14
> DJabberd::Connection::OldSSLClientIn=ARRAY(0x1f65d00):  Cipher `AES256-SHA'
> INFO  DJabberd.VHost                           Registering
> 'erudd at lan.netfor.com/Psi' to connection '1'
> 
> 
> PSI uses openssl,
> Pidgin on both windows and linux uses mozilla's NSS (version 3.11.4) (it
> can use gnutls, however no one seems to compile it using gnutls).
> A MDK linux system running nss3 1.5 connects fine (though running gaim
> 2.0.2beta3.1),
> 
> It seems to be an nss issue, but not sure how.  Any ideas on how to
> debug this issue?
> 
> AGH.. OK. tested a FC7 i386 system and it works there.  Seems to be only
> x86_64 linux systems that are affected.  Big bug in NSS?
> 
> But if I configure the 64-bit system to force old SSL (5223) AND change
> the port to 5223 AND  specify the host to connect to, it connects fine.

> begin:vcard
> fn:Edward Rudd
> n:Rudd;Edward
> org:Netfor, Inc.;Development
> adr;dom:;;11810 Technology Lane;Fishers;IN;46038
> email;internet:erudd at netfor.com
> title:Lead Programmer
> tel;work:317-813-4500 x 231
> x-mozilla-html:FALSE
> url:http://www.netfor.com/
> version:2.1
> end:vcard
> 


-- 
Home - http://www.piersharding.com
xmpp:piers at ompka.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/djabberd/attachments/20070724/e672feba/attachment.pgp

More information about the Djabberd mailing list