Weird dʒɛmɪni bug fixed

It's been a while but I bring good news for people using dʒɛmɪni to host their capsule: a weird SSL bug in dʒɛmɪni has finally been fixed. A big "thank you" to mbays (for finding the issue), gluon (for hosting it and using dʒɛmɪni) and fgaz (for fixing it in his server)!

=> diohsc gemini client by mbays | capsule hosted by gluon using dʒɛmɪni | gemini server by fgaz

So what was wrong? I am not really sure but the problem occurred when using a client which supports TLS 1.3 "session reuse" aka resumption, causing the second hit on a dʒɛmɪni hosted capsule to fail at the handshake. Apparently I forgot to do a move in the OpenSSL ceremonial dance, namely set the session ID.

=> SSL_CTX_set_session_id_context

Fortunately Racket does it for you when calling ssl-set-verify! but I didn't bother with it because I don't want verification because of TOFU. I was wrong and, I have to admit, did not RTFM.

=> racket/openssl/ssl-set-verify!

This also seems to fix a similar issue I was having when running dʒɛmɪni on OpenBSD and using the Ariane client for Android, with the second hit going bad at the handshake. Weird thing was: it did not occur on capsules hosted on a GNU/Linux distribution.

=> Ariane

Hurrah! Some order is restored in my world. Thank you to the people involved!

Cheers,

R.

--

📅 2021-03-22

🏷 dezhemini

📧 hello@rwv.io

CC BY-NC-SA 4.0
