An observation about client certificates

Sean Conner sean at conman.org
Mon May 11 01:18:21 BST 2020


  I know logging isn't popular here, but I still do it anyway, in order to
track down issues that might come up, either bugs in the server.  Early on,
I decided to also log certificates that might be used to hit the "/private"
directory on my server.  I'm seeing a bit more activity there, which is
nice, the latest one being:

remote=---.---.---.--- status=20 request="gemini://gemini.conman.org/private/" bytes=213 subject="/CN=AV-98 cert test" issuer="/CN=AV-98 cert test"

  But the following requests had me seriously puzzled:

remote=---.---.---.--- status=20 request="gemini://gemini.conman.org/private/" bytes=213 subject="" issuer=""
remote=---.---.---.--- status=20 request="gemini://gemini.conman.org/private/mondrian.gif" bytes=3082 subject="" issuer=""

  After quite a bit of testing and thinking on this, I can only conclude
that whoever sent this request did have a certificate, but the certificate
did not include the issuer or subject fields.  As I stated, I accept any
certificate (as long as the dates are valid).  I did not expect a
certificate sans issuer/subject could be valid as well.  Perhaps it's not, I
don't actually know, but kudos to the requestor.  I was not expecting this.

  -spc
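
An added example, not part of the original post or the author's server code: a Python sketch that parses the three log lines quoted above and labels each successful request under /private by the certificate names it logged, so that the empty subject/issuer case stands out in a log review. It assumes, as the post concludes, that a status=20 under /private means some certificate was presented; the function names and labels are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Log lines quoted in the post (remote address already redacted there).
LOG = '''\
remote=---.---.---.--- status=20 request="gemini://gemini.conman.org/private/" bytes=213 subject="/CN=AV-98 cert test" issuer="/CN=AV-98 cert test"
remote=---.---.---.--- status=20 request="gemini://gemini.conman.org/private/" bytes=213 subject="" issuer=""
remote=---.---.---.--- status=20 request="gemini://gemini.conman.org/private/mondrian.gif" bytes=3082 subject="" issuer=""
'''

# key=value pairs; a value is either "double-quoted" or a run of non-space characters.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_line(line):
    """Split one log line into a dict of its fields."""
    fields = {}
    for m in FIELD.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields

def classify(fields, prefix="/private"):
    """Label the certificate identity behind one request (labels are hypothetical)."""
    path = urlsplit(fields.get("request", "")).path
    if path != prefix and not path.startswith(prefix + "/"):
        return "unprotected"      # outside the certificate-gated area
    if fields.get("status") != "20":
        return "not-served"       # nothing was delivered
    subject, issuer = fields.get("subject", ""), fields.get("issuer", "")
    if not subject and not issuer:
        return "empty-dn"         # served, but the certificate named nobody
    if subject == issuer:
        return "self-issued"      # names match; the signature is not checked here
    return "other-issuer"

def review(log_text):
    """Return (path, label) for every non-blank line of the log."""
    out = []
    for line in log_text.splitlines():
        if line.strip():
            f = parse_line(line)
            out.append((urlsplit(f.get("request", "")).path, classify(f)))
    return out

if __name__ == "__main__":
    for path, label in review(LOG):
        print(f"{label:12} {path}")
```
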



