log server certs, add link to drews tofu notes

2020-11-10 14:48:24 +00:00 · 2020-11-10 14:48:24 +00:00 · 50cf425a5b
parent 5e7faedc7d
commit 50cf425a5b
3 changed files with 13 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -37,6 +37,8 @@ Ariane uses TLS but does not implement TOFU at all:

 > Clients can validate TLS connections however they like (including not at all) but the strongly RECOMMENDED approach is to implement a lightweight "TOFU" certificate-pinning system which treats self-signed certificates as first- class citizens

+See [Drew's note on TOFU](https://drewdevault.com/2020/09/21/Gemini-TOFU.html)
+
 ## Client TLS

 > Although rarely seen on the web, TLS permits clients to identify themselves to servers using certificates
--- a/app/src/androidTest/java/oppen/ariane/io/gemini/GeminiDatasourceTests.kt
+++ b/app/src/androidTest/java/oppen/ariane/io/gemini/GeminiDatasourceTests.kt
@ -25,10 +25,13 @@ class GeminiDatasourceTests {
        "gemini://idiomdrottning.org"
    )

-    private val capsuleIndex = 3
+    private var capsuleIndex = 0

    @Before
-    private fun setup(){
+    fun setup(){
+        val capsule = capsules.random()
+        println("Using $capsule for Gemini tests")
+        capsuleIndex = capsules.indexOf(capsule)
        gemini = Datasource.factory(InstrumentationRegistry.getInstrumentation().targetContext)
    }

--- a/app/src/main/java/oppen/ariane/io/gemini/GeminiDatasource.kt
+++ b/app/src/main/java/oppen/ariane/io/gemini/GeminiDatasource.kt
@ -37,7 +37,6 @@ class GeminiDatasource(

        when (uri.scheme) {
            GEMINI_SCHEME -> {
-
                val cached = RuntimeCache.get(uri)
                if(cached != null){
                    last = uri
@ -100,10 +99,9 @@ class GeminiDatasource(

    /**
     *
-     * This was largely copied from
+     * This was originally largely copied from:

        https://framagit.org/waweic/gemini-client/-/blob/master/app/src/main/java/rocks/ism/decentral/geminiclient/GeminiConnection.kt
-
     *
     */

@ -113,7 +111,11 @@ class GeminiDatasource(
            }

            override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {
-
+                println("checkServerTrusted()")
+                println("checkServerTrusted() authType: $authType")
+                chain?.forEach { cert ->
+                    println("checkServerTrusted() cert: ${cert.subjectDN}")
+                }
            }

            override fun getAcceptedIssuers(): Array<X509Certificate> {