TLS certificate sizes in Geminispace
Case Duckworth
acdw at acdw.net
Fri Jun 26 16:03:47 BST 2020
On Fri, Jun 26, 2020, at 1:56 PM, solderpunk wrote:
> cozylabs.eu achieves this feat with a single self-signed ED25519
> certificate. For folks who want to ditch the CA system and embrace
> TOFU, this is clearly the way to do it. I will migrate
> gemini.circumlunar.space to this style of certificate in the near
> future.
>
> Unfortunately making this kind of cert with the `openssl` tool is not
> as straightforward as other options. The standard library for Go seems
> up to the task. I will write a small and simple bulletproof program to
> generate these certs next week, and document it well. It will be handy
> not only for server admins but people who want to generate their own
> client certs for use with clients like Alphonse. Stay tuned...
Unfortunately, I can't access cozylabs.eu using the `openssl s_client` tool, or actually any gemini browser, including AV-98: the error there is "ERROR: [SSL: UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS] unable to find public key parameters (_ssl.c:1108)".
This makes me think it's an error with the server, as opposed to the ED25519 key; I'd love to try another server with this type of certificate for testing.
~ Case (acdw)
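
Added example, not part of the original message and not the program announced in the quoted text: a sketch of generating a self-signed Ed25519 certificate with the Go standard library (Go 1.13 or later) and reporting its DER size and a SHA-256 fingerprint. The function names, the host `example.org`, the one-year validity and pinning the fingerprint of the DER bytes for TOFU are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SelfSignedEd25519 (hypothetical helper) returns the DER bytes of a self-signed cert and its key.
func SelfSignedEd25519(host string, validFor time.Duration) ([]byte, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // SAN entry; Go clients ignore the CN for hostname checks
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The template is passed as its own parent, so the certificate is self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der, priv, err
}

// Fingerprint (hypothetical helper) is the hex SHA-256 of the DER bytes, a value a TOFU client could pin.
func Fingerprint(der []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(der))
}

func main() {
	der, _, err := SelfSignedEd25519("example.org", 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Printf("DER size: %d bytes\nSHA-256: %s\n", len(der), Fingerprint(der))
}
```

To serve the result, PEM-encode the DER bytes as a `CERTIFICATE` block and the output of `x509.MarshalPKCS8PrivateKey` as a `PRIVATE KEY` block.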