nss vs gnutls - how does Pidgin choose?
kevin at rentec.com
Mon Jul 20 14:51:56 EDT 2015
I've got Openfire XMPP servers running on two different networks. Today I noticed that linux users on one network were getting an SSL Handshake error when trying to connect Pidgin to the Openfire server.
I also saw that mozilla-nss packages were updated over the weekend. Our linux systems have both mozilla-nss and gnutls libraries installed; moving purple's ssl-nss.so library seemed to make Pidgin instead use gnutls, and SSL connections worked.
The weird part: the other network has identical versions of linux, openfire, pidgin (OpenSUSE's 2.10.10), and the same recently updated mozilla-nss. But when I tested pidgin on a few hosts on *that* network, it worked. When I moved the ssl-gnutls.so file on one of those hosts, I got the same SSL Handshake error that the users on the other network saw. If I moved both ssl-gnutls.so and ssl-nss.so, Pidgin reported that there was no SSL available (as expected). So on one network, Pidgin appears to prefer nss - and on the other, gnutls.
How does Pidgin/purple choose which to use if both are available?
More information about the Support