[ANN] tanelorn.city: a public gemini host for writers
colecmac at protonmail.com
Fri Jun 12 21:44:42 BST 2020
I think it should be noted that, to my knowledge,
Kristall, Elpher, Castor and Bollux all do not check certs.
makeworld
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, June 12, 2020 12:39 PM, tastytea <tastytea+gemini at tastytea.de> wrote:
> On 2020-06-12 11:36-0400 Matthew Graybosch hello at matthewgraybosch.com
> wrote:
>
> > On Fri, 12 Jun 2020 15:08:36 +0000
> > colecmac at protonmail.com wrote:
> >
> > > Amen. Happy to have another server!
> >
> > Thanks.
> >
> > > However, in Bombadillo I get the error "Cert hostname does not
> > > match". Make sure you're serving up the right certificate!
> >
> > Sorry to hear that!
> > I just downloaded Bombadillo so I could see for myself, and checked my
> > Gemserv config on kanajana. As far as I can tell my config is OK and
> > I'm using the correct cert for each hostname, but the problem might be
> > that kanajana isn't only serving tanelorn.city but demifiend.org and
> > starbreaker.org as well.
> > I'm not sure what to do about it, though since all three sites are
> > accessible using Castor and bollux.
>
> If I interpret the output from `openssl s_client`¹ correctly, the CN of
> the certificate is set to “Matthew Graybosch”, not “tanelorn.city”,
> as is customary for HTTPS. However, while the specification states in
> 4.2 that “Clients can validate TLS connections however they like”, it
> recommends a “lightweight "TOFU" certificate-pinning system” without
> mentioning hostname validation.
>
> Kristall and elpher also show no error, by the way.
>
> Kind regards, tastytea
>
> ¹ echo -e 'gemini://tanelorn.city\r\n\r\n' \
> | openssl s_client -verify_hostname tanelorn.city tanelorn.city:1965
>
> --
>
> Get my PGP key with `gpg --locate-keys tastytea at tastytea.de` or at
> https://tastytea.de/tastytea.asc.
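
Added example (not part of the original thread, and not code from any of the clients named in it): the two validation policies discussed above, hostname matching and TOFU pinning, applied to a certificate whose CN is a person's name. The certificate dict, the DER byte strings and all function and class names are constructed for illustration; the absence of a SAN entry is an assumption.

```python
import hashlib
import hmac

def hostname_matches(cert: dict, host: str) -> bool:
    """Hostname check on a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # legacy fallback: use the CN only when no SAN is present
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    host = host.lower().rstrip(".")
    for name in (n.lower() for n in names):
        if name == host:
            return True
        # a wildcard covers exactly one left-most label
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

class TofuStore:
    """Trust-on-first-use pins keyed by (host, port)."""
    def __init__(self):
        self.pins = {}

    def check(self, host: str, port: int, der: bytes) -> str:
        fp = hashlib.sha256(der).hexdigest()
        key = (host.lower(), port)
        known = self.pins.get(key)
        if known is None:
            self.pins[key] = fp      # first contact: remember, cannot verify
            return "first-use"
        return "match" if hmac.compare_digest(known, fp) else "changed"

# Constructed sample: CN is a person's name as reported in the thread;
# the missing SAN is an assumption. DER values are stand-in byte strings.
CERT = {"subject": ((("commonName", "Matthew Graybosch"),),)}
DER_SEEN = b"constructed-der-bytes-original"
DER_OTHER = b"constructed-der-bytes-replaced"

def demo():
    store = TofuStore()
    return [hostname_matches(CERT, "tanelorn.city"),
            store.check("tanelorn.city", 1965, DER_SEEN),
            store.check("tanelorn.city", 1965, DER_SEEN),
            store.check("tanelorn.city", 1965, DER_OTHER)]

if __name__ == "__main__":
    print(demo())
```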