mirror of https://git.sr.ht/~oppen/ariane
log server certs, add link to drews tofu notes
parent
5e7faedc7d
commit
50cf425a5b
|
@ -37,6 +37,8 @@ Ariane uses TLS but does not implement TOFU at all:
|
|||
|
||||
> Clients can validate TLS connections however they like (including not at all) but the strongly RECOMMENDED approach is to implement a lightweight "TOFU" certificate-pinning system which treats self-signed certificates as first- class citizens
|
||||
|
||||
See [Drew's note on TOFU](https://drewdevault.com/2020/09/21/Gemini-TOFU.html)
|
||||
|
||||
## Client TLS
|
||||
|
||||
> Although rarely seen on the web, TLS permits clients to identify themselves to servers using certificates
|
||||
|
|
|
@ -25,10 +25,13 @@ class GeminiDatasourceTests {
|
|||
"gemini://idiomdrottning.org"
|
||||
)
|
||||
|
||||
private val capsuleIndex = 3
|
||||
private var capsuleIndex = 0
|
||||
|
||||
@Before
|
||||
private fun setup(){
|
||||
fun setup(){
|
||||
val capsule = capsules.random()
|
||||
println("Using $capsule for Gemini tests")
|
||||
capsuleIndex = capsules.indexOf(capsule)
|
||||
gemini = Datasource.factory(InstrumentationRegistry.getInstrumentation().targetContext)
|
||||
}
|
||||
|
||||
|
|
|
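Review bot: Picking the capsule with `capsules.random()` in `setup()` makes a failing run hard to reproduce, because `@Before` runs ahead of each test, so each one may hit a different live server, and the only record is the `println` line. Consider drawing the index directly with `capsuleIndex = capsules.indices.random()`, which avoids the `indexOf` round trip, or running the tests against every entry in `capsules`. A short comment on `setup()` would help whoever reads a red run, for example `// Picks one public capsule per test; a failure may only mean that host is unreachable.` The rest of `GeminiDatasourceTests` lies outside the hunk, so how `capsuleIndex` is consumed is not visible here.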
@ -37,7 +37,6 @@ class GeminiDatasource(
|
|||
|
||||
when (uri.scheme) {
|
||||
GEMINI_SCHEME -> {
|
||||
|
||||
val cached = RuntimeCache.get(uri)
|
||||
if(cached != null){
|
||||
last = uri
|
||||
|
@ -100,10 +99,9 @@ class GeminiDatasource(
|
|||
|
||||
/**
|
||||
*
|
||||
* This was largely copied from
|
||||
* This was originally largely copied from:
|
||||
|
||||
https://framagit.org/waweic/gemini-client/-/blob/master/app/src/main/java/rocks/ism/decentral/geminiclient/GeminiConnection.kt
|
||||
|
||||
*
|
||||
*/
|
||||
|
||||
|
@ -113,7 +111,11 @@ class GeminiDatasource(
|
|||
}
|
||||
|
||||
override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {
|
||||
|
||||
println("checkServerTrusted()")
|
||||
println("checkServerTrusted() authType: $authType")
|
||||
chain?.forEach { cert ->
|
||||
println("checkServerTrusted() cert: ${cert.subjectDN}")
|
||||
}
|
||||
}
|
||||
|
||||
override fun getAcceptedIssuers(): Array<X509Certificate> {
|
||||
|
|
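Review bot: The new logging in `checkServerTrusted` prints only `cert.subjectDN`, which a self-signed server chooses freely, so the log line cannot tell two certificates apart and gives nothing to pin against later. If this is groundwork for TOFU, log a digest of `cert.encoded` (for example SHA-256 via `MessageDigest`) next to the subject, and prefer `cert.subjectX500Principal` over `subjectDN`. As far as the hunk shows, the method still returns normally for every chain, including a `null` one, so any server certificate is accepted; a comment on the method such as `// No validation yet: accepts any certificate and only logs it (TOFU not implemented)` would keep the logging from being mistaken for a check. `println` writes these lines unconditionally, so routing them through the app's logger at debug level would be more usual. The trust manager object containing this method starts outside the hunk.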