Red Hat Bugzilla – Bug 474212
Pidgin Package 2.3.1-2.el5_2 Cannot Connect to SILC Server
Last modified: 2014-06-02 09:16:32 EDT
Description of problem:
The pidgin client package provided, or the supporting packages (libsilc, or libpurple) provided cannot connect to the latest version of SILC server. The clients fails to properly exchange keys during initial login.
Version-Release number of selected component (if applicable):
libsilc - 1.0.2-2.fc6
libpurple - 2.3.1-2.el5_2
pidgin - 2.3.1-2.el5_2
How reproducible: Easily and Reliably Reproduced.
Steps to recreate:
Download and Build SILC Server 1.1.14 from (remember to build with --enable-debug): http://silcnet.org/software/download/server/ [^]
modify SILC server config (silcd.conf) to a working config - and use public key authentication. (It should fail using preferred passphrase anyhow, but eliminate it from the mix to narrow things down)
3.) Try to use packaged versions of pidgin libsilc and libpurple available from Cent repositories to connect to the server.
4.) You should receive a key exchange error in the logs (invalid key).
Possibly related directly or indirectly to bug 459578.
Edit: 3.) Try to use packaged versions of pidgin libsilc and libpurple available from RHEL RHN repositories to connect to the server.
I seem to be experiencing trouble connecting to SILC even with the latest pidgin in Fedora 10 in the last few days. I see 'Connection denied' messages from several servers, followed by long delays and sometimes key exchange errors. At the moment I tried a SILC connect and it went through without any trouble. So these might be only intermittent server problems?
Anyhow, we are soon upgrading RHEL4 and RHEL5 to this new pidgin. It is pidgin-2.5.2 plus numerous backported crash fixes from upstream. Please give it a try.
what patches are in libsilc-1.0.2-2.fc6 in RHEL5 ?
Upstream SILC says that the older versions of SILC library are no longer supported by the server. RHEL4's 0.9.12 definitely does not work anymore. It is possible that 1.0.2 would work except we have a broken multilib wordsize patch in that old FC6 originating package. In any case we are unable to upgrade the libsilc libraries at this time because we lack approval. I will attempt to get approval to upgrade both RHEL4 and RHEL5 to libsilc-1.1.8 or whatever latest upstream recommends at a later date.
(In reply to comment #2)
> I seem to be experiencing trouble connecting to SILC even with the latest
> pidgin in Fedora 10 in the last few days. I see 'Connection denied' messages
> from several servers, followed by long delays and sometimes key exchange
> errors. At the moment I tried a SILC connect and it went through without any
> trouble. So these might be only intermittent server problems?
> Anyhow, we are soon upgrading RHEL4 and RHEL5 to this new pidgin. It is
> pidgin-2.5.2 plus numerous backported crash fixes from upstream. Please give
> it a try.
Interesting, I have not had the same experience connecting to my test environment SILC Server with Fedora 10 - it seems to work flawlessly actually. Only RHEL 5 machines seem to have the issue (I don't have any clients running RHEL4 any longer to test).
I'm working on getting the updated pidgin packages installed now - so I'll report back on that ASAP.
Ok Pidgin updated, along with libpurple using the supplied packages and the issue persists. That leads me to believe the issue does lie with libsilc, and likely with the broken multilib wordsize patch as you mention. As reported in bug 459578 recompiling libsilc 1.0.2 without it seemed to clear it up for fedora - so I also suspect, as you do, that 1.0.2 would suffice provided that bump is fixed.
Completely untested, but this patch might be better:
We unfortunately cannot obtain approval to change libsilc at this point. This issue was discovered too late. The pidgin update is primarily for security reasons, and it is icing on the cake that we are able to push through any bug fixes at all. SILC is not a regression so it was deemed not important enough to hold up the pidgin release further.
I am proposing the latest version of libsilc for the next update cycle of both RHEL4 and RHEL5.
>Completely untested, but this patch might be better:
Stu, I have applied the provided patch file and recompiled the toolkit (to the best of my meager ability) and the clients still refuse the initial key exchange.
>I am proposing the latest version of libsilc for the next update cycle of both
>RHEL4 and RHEL5.
Thanks for the continued effort Warren, it's appreciated.
When exactly is the next update cycle, and with what frequency do such things occur? Perhaps someone might be able to point me to the document that details the process.
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in the last planned RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX. To request that Red Hat re-consider this request, please re-open the bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you.
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).