SSL and Gaim/Pidgin

Edward Rudd erudd at netfor.com
Wed Jul 25 15:47:17 UTC 2007 

Yea, I rebuild it using only gnutls (not both) and it works correctly.
ARG.. Guess I get to file a bug report w/ Pidgin.  And probably w/ NSS
as well as I'm not sure which component is causing the problem.

Piers Harding wrote:
> Hi - pidgin can be compiled with either GNUTls or NSPR4 support.  I have
> it running successfully with GNUTls (not tried the other), which might
> make a difference.
> 
> Cheers.
> 
> 
> 
> On Mon, Jul 23, 2007 at 05:37:49PM -0400, Edward Rudd wrote:
>> ARGH.
>>
>> Ok..  if I use Pidgin on win32, TLS ssl works fine, if I use psi on
>> linux, works fine. However, if I use pidgin on linux it does not connect
>> reliably to djabberd w/ SSL.
>>
>> The error (running djabberd in debug mode)
>>
>> ** (Pidgin on linux/Fedora 7)
>> DEBUG DJabberd.Connection.ClientIn             New connection '17' from
>> 192.168.0.73
>> setting ssl (35245712) fileno to 16
>> DJabberd::Connection::ClientIn=ARRAY(0x2091c80):  Cipher `(NONE)'
>> SSL_read 18340: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
>> version number
>> SSL Read error: SSL_read 18340: 1 - error:1408F10B:SSL
>> routines:SSL3_GET_RECORD:wrong version number
>>
>> DEBUG DJabberd.Connection.ClientIn             DISCONNECT: 17
>>
>> ** (Pidgin on win32)
>> DEBUG DJabberd.Connection.ClientIn             New connection '11' from
>> 192.168.0.102
>> setting ssl (35043984) fileno to 8
>> DJabberd::Connection::ClientIn=ARRAY(0x2026500):  Cipher `(NONE)'
>> INFO  DJabberd.VHost                           Registering
>> 'tbeihold at lan.netfor.com/Home' to connection '11'
>>
>> ** PSI on linux
>> DEBUG DJabberd.Connection.OldSSLClientIn       New connection '1' from
>> 192.168.0.73
>> setting ssl (33096192) fileno to 14
>> DJabberd::Connection::OldSSLClientIn=ARRAY(0x1f65d00):  Cipher `AES256-SHA'
>> INFO  DJabberd.VHost                           Registering
>> 'erudd at lan.netfor.com/Psi' to connection '1'
>>
>>
>> PSI uses openssl,
>> Pidgin on both windows and linux uses mozilla's NSS (version 3.11.4) (it
>> can use gnutls, however no one seems to compile it using gnutls).
>> A MDK linux system running nss3 1.5 connects fine (though running gaim
>> 2.0.2beta3.1),
>>
>> It seems to be an nss issue, but not sure how.  Any ideas on how to
>> debug this issue?
>>
>> AGH.. OK. tested a FC7 i386 system and it works there.  Seems to be only
>> x86_64 linux systems that are affected.  Big bug in NSS?
>>
>> But if I configure the 64-bit system to force old SSL (5223) AND change
>> the port to 5223 AND  specify the host to connect to, it connects fine.
> 
>> begin:vcard
>> fn:Edward Rudd
>> n:Rudd;Edward
>> org:Netfor, Inc.;Development
>> adr;dom:;;11810 Technology Lane;Fishers;IN;46038
>> email;internet:erudd at netfor.com
>> title:Lead Programmer
>> tel;work:317-813-4500 x 231
>> x-mozilla-html:FALSE
>> url:http://www.netfor.com/
>> version:2.1
>> end:vcard
>>
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: erudd.vcf
Type: text/x-vcard
Size: 272 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/djabberd/attachments/20070725/8325b75d/erudd.vcf

More information about the Djabberd mailing list