mirror of https://git.sr.ht/~oppen/ariane
add tld notes
This commit is contained in:
parent
9df4233ff7
commit
b5d2821d76
46
README.md
46
README.md
|
@ -50,4 +50,48 @@ That's it as far as the spec is concered, the rest is down to the Android API
|
|||
|
||||
## Android TLS
|
||||
|
||||
* [SSLSocket](https://developer.android.com/reference/javax/net/ssl/SSLSocket)
|
||||
* [SSLSocket](https://developer.android.com/reference/javax/net/ssl/SSLSocket)
|
||||
* [Android keystore system](https://developer.android.com/training/articles/keystore.html)
|
||||
|
||||
Ariane is failing a socket handshake with the flounder.online gemini server, server details: https://www.ssllabs.com/ssltest/analyze.html?d=flounder.online
|
||||
|
||||
```
|
||||
socket error: javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb4000075dcd530d8: Failure in SSL library, usually a protocol error
|
||||
```
|
||||
|
||||
Flounder tls details:
|
||||
|
||||
`openssl s_client -showcerts -connect flounder.online:1965`
|
||||
|
||||
```
|
||||
CONNECTED(00000003)
|
||||
depth=0
|
||||
verify error:num=20:unable to get local issuer certificate
|
||||
verify return:1
|
||||
depth=0
|
||||
verify error:num=21:unable to verify the first certificate
|
||||
verify return:1
|
||||
---
|
||||
Certificate chain
|
||||
0 s:
|
||||
i:
|
||||
-----BEGIN CERTIFICATE-----
|
||||
```
|
||||
|
||||
compared to a working capsule:
|
||||
|
||||
`openssl s_client -showcerts -connect gus.guru:1965`
|
||||
|
||||
```
|
||||
CONNECTED(00000003)
|
||||
depth=0 CN = gus.guru
|
||||
verify error:num=18:self signed certificate
|
||||
verify return:1
|
||||
depth=0 CN = gus.guru
|
||||
verify return:1
|
||||
---
|
||||
Certificate chain
|
||||
0 s:CN = gus.guru
|
||||
i:CN = gus.guru
|
||||
-----BEGIN CERTIFICATE-----
|
||||
```
|
||||
|
|
|
@ -9,7 +9,7 @@ android {
|
|||
|
||||
defaultConfig {
|
||||
applicationId "oppen.gemini.ariane"
|
||||
minSdkVersion 21
|
||||
minSdkVersion 29
|
||||
targetSdkVersion 30
|
||||
versionCode 7
|
||||
versionName "1.0.0"
|
||||
|
|
|
@ -9,10 +9,8 @@ import java.io.*
|
|||
import java.net.ConnectException
|
||||
import java.net.URI
|
||||
import java.security.SecureRandom
|
||||
import javax.net.ssl.SSLContext
|
||||
import javax.net.ssl.SSLHandshakeException
|
||||
import javax.net.ssl.SSLSocket
|
||||
import javax.net.ssl.SSLSocketFactory
|
||||
import java.security.cert.X509Certificate
|
||||
import javax.net.ssl.*
|
||||
|
||||
const val GEMINI_SCHEME = "gemini"
|
||||
|
||||
|
@ -94,25 +92,56 @@ class GeminiDatasource(val context: Context): Datasource {
|
|||
*
|
||||
* This was largely copied from
|
||||
|
||||
https://framagit.org/waweic/gemini-client/-/blob/master/app/src/main/java/rocks/ism/decentral/geminiclient/GeminiConnection.kt
|
||||
https://framagit.org/waweic/gemini-client/-/blob/master/app/src/main/java/rocks/ism/decentral/geminiclient/GeminiConnection.kt
|
||||
|
||||
*
|
||||
*/
|
||||
|
||||
private val trustAllCerts: Array<TrustManager> = arrayOf(object : X509TrustManager {
|
||||
override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?) {
|
||||
|
||||
}
|
||||
|
||||
override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {
|
||||
|
||||
}
|
||||
|
||||
override fun getAcceptedIssuers(): Array<X509Certificate> {
|
||||
return arrayOf()
|
||||
}
|
||||
})
|
||||
|
||||
|
||||
private fun geminiRequest(uri: URI, onUpdate: (state: GemState) -> Unit){
|
||||
last = uri
|
||||
val port = if(uri.port == -1) 1965 else uri.port
|
||||
|
||||
val sslContext = SSLContext.getInstance("TLSv1.2")
|
||||
sslContext.init(null, DummyTrustManager.get(), SecureRandom())
|
||||
val sslContext = SSLContext.getInstance("TLS")
|
||||
sslContext.init(null, trustAllCerts, SecureRandom())
|
||||
|
||||
val factory: SSLSocketFactory = sslContext.socketFactory
|
||||
|
||||
var socket: SSLSocket?
|
||||
val allCipher = factory.supportedCipherSuites
|
||||
|
||||
allCipher.forEach { suite ->
|
||||
println("Supported cipher suite: $suite")
|
||||
}
|
||||
|
||||
val socket: SSLSocket?
|
||||
try {
|
||||
socket = factory.createSocket(uri.host, port) as SSLSocket
|
||||
socket.enabledProtocols = arrayOf("TLSv1.2")
|
||||
|
||||
socket.supportedProtocols.forEach { protocol ->
|
||||
println("Supported protocol $protocol")
|
||||
}
|
||||
|
||||
socket.enabledCipherSuites = allCipher
|
||||
|
||||
//socket.enabledProtocols = socket.supportedProtocols
|
||||
socket.enabledProtocols = socket.supportedProtocols
|
||||
socket.startHandshake()
|
||||
}catch(ce: ConnectException){
|
||||
println("socket error: $ce")
|
||||
onUpdate(
|
||||
GemState.ResponseError(
|
||||
GeminiResponse.Header(
|
||||
|
@ -123,10 +152,11 @@ class GeminiDatasource(val context: Context): Datasource {
|
|||
)
|
||||
return
|
||||
}catch(she: SSLHandshakeException){
|
||||
println("socket error: $she")
|
||||
onUpdate(
|
||||
GemState.ResponseError(
|
||||
GeminiResponse.Header(
|
||||
-1,
|
||||
-2,
|
||||
she.message ?: she.toString()
|
||||
)
|
||||
)
|
||||
|
|
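Review bot: The inline `trustAllCerts` manager that replaces `DummyTrustManager.get()` leaves `checkServerTrusted` empty and has `getAcceptedIssuers` return an empty array, so the handshake authenticates nothing — any certificate, including a null or empty chain, is accepted without even a fingerprint comparison, which is weaker than the trust-on-first-use model Gemini clients normally apply to self-signed certificates. At minimum give the object a header comment stating that unconditional acceptance is deliberate for Gemini's self-signed servers with a TODO to pin the leaf certificate fingerprint on first use, and reject degenerate input with `if (chain.isNullOrEmpty()) throw CertificateException("empty certificate chain")` (`java.security.cert.CertificateException` needs importing). In `geminiRequest` the new `socket.enabledProtocols = socket.supportedProtocols` overrides `socket.enabledProtocols = arrayOf("TLSv1.2")` a few statements earlier, making that line dead and re-enabling whatever older protocol versions the platform still offers, whereas the Gemini spec requires TLS 1.2 or newer; either delete the later assignment or narrow it, e.g. `socket.enabledProtocols = socket.supportedProtocols.filter { it == "TLSv1.2" || it == "TLSv1.3" }.toTypedArray()`. The per-request `println` loops over `allCipher` and `socket.supportedProtocols` read as leftover debugging output and should be removed or guarded before release. `geminiRequest` continues past this hunk into the next one.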