add tld notes

README.md

@@ -50,4 +50,48 @@ That's it as far as the spec is concered, the rest is down to the Android API
 
 ## Android TLS
 
-* [SSLSocket](https://developer.android.com/reference/javax/net/ssl/SSLSocket)
+* [SSLSocket](https://developer.android.com/reference/javax/net/ssl/SSLSocket)
+* [Android keystore system](https://developer.android.com/training/articles/keystore.html)
+
+Ariane is failing a socket handshake with the flounder.online gemini server, server details: https://www.ssllabs.com/ssltest/analyze.html?d=flounder.online
+
+```
+socket error: javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb4000075dcd530d8: Failure in SSL library, usually a protocol error
+```
+
+Flounder tls details:
+
+`openssl s_client -showcerts -connect flounder.online:1965`
+
+```
+CONNECTED(00000003)
+depth=0 
+verify error:num=20:unable to get local issuer certificate
+verify return:1
+depth=0 
+verify error:num=21:unable to verify the first certificate
+verify return:1
+---
+Certificate chain
+ 0 s:
+   i:
+-----BEGIN CERTIFICATE-----
+```
+
+compared to a working capsule:
+
+`openssl s_client -showcerts -connect gus.guru:1965`
+
+```
+CONNECTED(00000003)
+depth=0 CN = gus.guru
+verify error:num=18:self signed certificate
+verify return:1
+depth=0 CN = gus.guru
+verify return:1
+---
+Certificate chain
+ 0 s:CN = gus.guru
+   i:CN = gus.guru
+-----BEGIN CERTIFICATE-----
+```

app/build.gradle

@@ -9,7 +9,7 @@ android {
 
     defaultConfig {
         applicationId "oppen.gemini.ariane"
-        minSdkVersion 21
+        minSdkVersion 29
         targetSdkVersion 30
         versionCode 7
         versionName "1.0.0"

app/src/main/java/oppen/ariane/io/gemini/GeminiDatasource.kt

@@ -9,10 +9,8 @@ import java.io.*
 import java.net.ConnectException
 import java.net.URI
 import java.security.SecureRandom
-import javax.net.ssl.SSLContext
-import javax.net.ssl.SSLHandshakeException
-import javax.net.ssl.SSLSocket
-import javax.net.ssl.SSLSocketFactory
+import java.security.cert.X509Certificate
+import javax.net.ssl.*
 
 const val GEMINI_SCHEME = "gemini"
 
@@ -94,25 +92,56 @@ class GeminiDatasource(val context: Context): Datasource {
      *
      * This was largely copied from
 
-    https://framagit.org/waweic/gemini-client/-/blob/master/app/src/main/java/rocks/ism/decentral/geminiclient/GeminiConnection.kt
+        https://framagit.org/waweic/gemini-client/-/blob/master/app/src/main/java/rocks/ism/decentral/geminiclient/GeminiConnection.kt
 
      *
      */
+
+    private val trustAllCerts: Array<TrustManager> = arrayOf(object : X509TrustManager {
+            override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?) {
+
+            }
+
+            override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {
+
+            }
+
+            override fun getAcceptedIssuers(): Array<X509Certificate> {
+                return arrayOf()
+            }
+        })
+
+
     private fun geminiRequest(uri: URI, onUpdate: (state: GemState) -> Unit){
         last = uri
         val port = if(uri.port == -1) 1965 else uri.port
 
-        val sslContext = SSLContext.getInstance("TLSv1.2")
-        sslContext.init(null, DummyTrustManager.get(), SecureRandom())
+        val sslContext = SSLContext.getInstance("TLS")
+        sslContext.init(null, trustAllCerts, SecureRandom())
 
         val factory: SSLSocketFactory = sslContext.socketFactory
 
-        var socket: SSLSocket?
+        val allCipher = factory.supportedCipherSuites
+
+        allCipher.forEach { suite ->
+            println("Supported cipher suite: $suite")
+        }
+
+        val socket: SSLSocket?
         try {
             socket = factory.createSocket(uri.host, port) as SSLSocket
-            socket.enabledProtocols = arrayOf("TLSv1.2")
+
+            socket.supportedProtocols.forEach { protocol ->
+                println("Supported protocol $protocol")
+            }
+
+            socket.enabledCipherSuites = allCipher
+
+            //socket.enabledProtocols = socket.supportedProtocols
+            socket.enabledProtocols = socket.supportedProtocols
             socket.startHandshake()
         }catch(ce: ConnectException){
+            println("socket error: $ce")
             onUpdate(
                 GemState.ResponseError(
                     GeminiResponse.Header(
@@ -123,10 +152,11 @@ class GeminiDatasource(val context: Context): Datasource {
             )
             return
         }catch(she: SSLHandshakeException){
+            println("socket error: $she")
             onUpdate(
                 GemState.ResponseError(
                     GeminiResponse.Header(
-                        -1,
+                        -2,
                         she.message ?: she.toString()
                     )
                 )