All,

Hello! :-)

It's been a while, but someone referenced something I said and... that's awesome!! :-D

I wanted to share references to my response (however short it is for now) with the mailing list, to support further discussion in Gemlogs. I still haven't found a Gemini-worthy 'cross-link' solution that I like... so... this list is it. :shrug:

One of the things I said:
gemini://gemi.dev/gemini-mailing-list/messages/005353.gmi

The reference to it:
gemini://skyjake.fi/gemlog/2021-11_re-making-gemini-easy.gmi
https://gem.ondollo.com/external/skyjake.fi/gemlog/2021-11_re-making-gemini-easy.gmi

My limited response:
gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem

Thanks for remembering me skyjake! :-)

-Mansfield

Hi,

On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
> My limited response:
> gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem

There's a problem with the certificate at ondollo.com so your link doesn't work.

Botond

On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:

> Hi,
>
> On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
> > My limited response:
> > gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>
> There's a problem with the certificate at ondollo.com so your link
> doesn't work.
>
> Botond

Oh... interesting... the classic "works for me"... well, here's the cert from the Mozz proxy's perspective:

https://portal.mozz.us/gemini/ondollo.com?crt=1

I wonder what's wrong with it? Mozz doesn't load the site either...

I guess I gave a poor link as well... the spaces weren't encoded. Does this link work for you?
gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem

On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:

> On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:
>
>> Hi,
>>
>> On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
>> > My limited response:
>> > gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>>
>> There's a problem with the certificate at ondollo.com so your link
>> doesn't work.
>>
>> Botond
>
> Oh... interesting... the classic "works for me"... well, here's the cert
> from the Mozz proxy's perspective:
>
> https://portal.mozz.us/gemini/ondollo.com?crt=1
>
> I wonder what's wrong with it? Mozz doesn't load the site either...
>
> I guess I gave a poor link as well... the spaces weren't encoded. Does
> this link work for you?
> gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem

I tweaked the server to accept connections that don't provide a cert - seems to have turned the Mozz close_notify red x to a green checkmark.

Maybe now things will work better for you (and others with similar clients, no doubt).

Many thanks for letting me know that that was broken!

According to Lagrange, the problem appears to be a domain name mismatch. It also says it isn't trusted, but I expect that that's because of the previous problem.

On 10/11/2021 08:25, Mansfield wrote:
> On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:
>
> On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:
>
> Hi,
>
> On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
> > My limited response:
> > gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>
> There's a problem with the certificate at ondollo.com so your link doesn't work.
>
> Botond
>
> Oh... interesting... the classic "works for me"... well, here's the cert from the Mozz proxy's perspective:
>
> https://portal.mozz.us/gemini/ondollo.com?crt=1
>
> I wonder what's wrong with it? Mozz doesn't load the site either...
>
> I guess I gave a poor link as well... the spaces weren't encoded. Does this link work for you?
> gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
>
> I tweaked the server to accept connections that don't provide a cert - seems to have turned the Mozz close_notify red x to a green checkmark.
>
> Maybe now things will work better for you (and others with similar clients, no doubt).
>
> Many thanks for letting me know that that was broken!

--
-------------------------
Gemini capsule: babiak.duckdns.org

Hello,

From Lagrange:

Domain Name Mismatch (CN = self)

🙅 Untrusted Server
Connection to the server was cancelled because its TLS certificate does not match the one we trust. Please check if the server has announced a certificate change. If not, it is possible that a malicious third party is masquerading as the server you tried to reach. The certificate can be marked as trusted in Page Information.

Regards,

Sent with [ProtonMail](https://protonmail.com/) Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, November 10th, 2021 at 07:25, Mansfield <mansfield@ondollo.com> wrote:

> On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:
>
>> On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
>>>> My limited response:
>>>> gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>>>
>>> There's a problem with the certificate at ondollo.com so your link doesn't work.
>>>
>>> Botond
>>
>> Oh... interesting... the classic "works for me"... well, here's the cert from the Mozz proxy's perspective:
>>
>> https://portal.mozz.us/gemini/ondollo.com?crt=1
>>
>> I wonder what's wrong with it? Mozz doesn't load the site either...
>>
>> I guess I gave a poor link as well... the spaces weren't encoded. Does this link work for you? gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
>
> I tweaked the server to accept connections that don't provide a cert - seems to have turned the Mozz close_notify red x to a green checkmark.
>
> Maybe now things will work better for you (and others with similar clients, no doubt).
>
> Many thanks for letting me know that that was broken!

Mansfield <mansfield@ondollo.com> writes:

> On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:
>
> On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:
>
> Hi,
>
> On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
> > My limited response:
> > gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>
> There's a problem with the certificate at ondollo.com so your link doesn't work.
>
> Botond
>
> Oh... interesting... the classic "works for me"... well, here's the cert from the Mozz proxy's perspective:
>
> https://portal.mozz.us/gemini/ondollo.com?crt=1
>
> I wonder what's wrong with it? Mozz doesn't load the site either...
>
> I guess I gave a poor link as well... the spaces weren't encoded. Does this link work for you?
> gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
>
> I tweaked the server to accept connections that don't provide a cert - seems to have turned the Mozz close_notify red x to a green checkmark.
>
> Maybe now things will work better for you (and others with similar clients, no doubt).
>
> Many thanks for letting me know that that was broken!

It's still broken unfortunately. While it's true that the certificate doesn't include the domain name:

    % printf 'gemini://ondollo.com\r\n' | nc -Tnoverify -c ondollo.com 1965
    nc: tls handshake failed (name `ondollo.com' not present in server certificate)

even if I throw a -noname at it (which disables the certificate name checking) the reply is still empty :/

    % printf 'gemini://ondollo.com\r\n' | nc -Tnoverify -Tnoname -c ondollo.com 1965
    % echo $?
    0

On Wed, Nov 10, 2021 at 4:19 AM Omar Polo <op@omarpolo.com> wrote:

> Mansfield <mansfield@ondollo.com> writes:
>
> > On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:
> >
> > On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:
> >
> > Hi,
> >
> > On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
> > > My limited response:
> > > gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
> >
> > There's a problem with the certificate at ondollo.com so your link doesn't work.
> >
> > Botond
> >
> > Oh... interesting... the classic "works for me"... well, here's the cert from the Mozz proxy's perspective:
> >
> > https://portal.mozz.us/gemini/ondollo.com?crt=1
> >
> > I wonder what's wrong with it? Mozz doesn't load the site either...
> >
> > I guess I gave a poor link as well... the spaces weren't encoded. Does this link work for you?
> > gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
> >
> > I tweaked the server to accept connections that don't provide a cert - seems to have turned the Mozz close_notify red x to a green checkmark.
> >
> > Maybe now things will work better for you (and others with similar clients, no doubt).
> >
> > Many thanks for letting me know that that was broken!
>
> It's still broken unfortunately. While it's true that the certificate
> doesn't include the domain name:
>
>     % printf 'gemini://ondollo.com\r\n' | nc -Tnoverify -c ondollo.com 1965
>     nc: tls handshake failed (name `ondollo.com' not present in server certificate)
>
> even if I throw a -noname at it (which disables the certificate name
> checking) the reply is still empty :/
>
>     % printf 'gemini://ondollo.com\r\n' | nc -Tnoverify -Tnoname -c ondollo.com 1965
>     % echo $?
>     0

Well, thanks for all the responses - turns out I had a few bits that needed adjusting beyond the common_name one.

For anyone else caught in a tls debug process and wanting an easy way to test their server, I ended up using a command like this:

```
echo -e "/\r\n" | openssl s_client -crlf -connect domain.tld:1965 -ign_eof
```

That command alone won't get you all the way there, but it could help. It also helps that Gemini clients tend to not be complicated to get going with.

Hopefully everything is accessible now!

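An offline reproduction of the name mismatch diagnosed in this thread, added here as an example and not part of any poster's message: it builds a throwaway self-signed certificate with CN=self (the subject Lagrange reported) and one that carries the host name, then checks both with `openssl x509 -checkhost`. The function names, the scratch directory and both certificates are constructed for illustration; it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: reproduce the certificate name mismatch offline using
# throwaway self-signed certificates (constructed here, not the real ones).

HOST=ondollo.com                  # host name from the thread
WORK=$(mktemp -d)                 # scratch directory for constructed certs
trap 'rm -rf "$WORK"' EXIT

# make_cert <name> <CN> [subjectAltName]: self-signed EC cert, valid 30 days.
make_cert() {
    name=$1; cn=$2; san=${3:-}
    set -- req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
        -nodes -days 30 -subj "/CN=$cn" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.crt"
    if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName=$san"; fi
    openssl "$@" 2>/dev/null
}

# name_ok <cert> <host>: true only if the certificate covers <host>.
# -checkhost reports its verdict as text, so the text is what gets tested.
name_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# cert_names <cert>: print the subject and any subjectAltName, the two
# fields a client compares against the host it connected to.
cert_names() {
    openssl x509 -in "$1" -noout -subject -ext subjectAltName 2>/dev/null || true
}

make_cert broken self                  # CN=self, no SAN, as Lagrange reported
make_cert fixed "$HOST" "DNS:$HOST"    # host name in both CN and SAN

for c in broken fixed; do
    if name_ok "$WORK/$c.crt" "$HOST"; then verdict="match"; else verdict="MISMATCH"; fi
    printf '%s.crt vs %s: %s\n' "$c" "$HOST" "$verdict"
    cert_names "$WORK/$c.crt"
done
```

For a live capsule, save the certificate that `openssl s_client` prints to a file and pass that file to `name_ok`.
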
On Thu, Nov 11, 2021 at 7:53 AM Mansfield <mansfield@ondollo.com> wrote:
>
> Hopefully everything is accessible now!

Can confirm.

Btw, what was the motivation to limit input length to 1024 bytes in the first place? I can't find anything about it in either the FAQ or the specification.

On 11. Nov 21, at 9.17, Balázs Botond <balazsbotond@gmail.com> wrote:
>
> Btw, what was the motivation to limit input length to 1024 bytes in
> the first place? I can't find anything about it in either the FAQ or
> the specification.

Here's a relevant post from the archives where Solderpunk comments on the limit: gemini://gemi.dev/gemini-mailing-list/messages/001672.gmi

IMO, uploading content via URL query strings is not a great idea because you must percent-encode all of it, and that can increase the size quite a bit. Better to use alternate methods to upload a "raw" octet stream.

--jaakko

skyjake <skyjake@dengine.net> writes:

> On 11. Nov 21, at 9.17, Balázs Botond <balazsbotond@gmail.com> wrote:
>>
>> Btw, what was the motivation to limit input length to 1024 bytes in
>> the first place? I can't find anything about it in either the FAQ or
>> the specification.
>
> Here's a relevant post from the archives where Solderpunk comments on the limit: gemini://gemi.dev/gemini-mailing-list/messages/001672.gmi

An interesting thread to read, ta!

> IMO, uploading content via URL query strings is not a great idea
> because you must percent-encode all of it, and that can increase the
> size quite a bit. Better to use alternate methods to upload a "raw"
> octet stream.

I must admit having not touched octet streams before (whether raw or well-cooked), what am I missing out on? Does anybody have pointers/suggestions?

I noticed a nice downstream post from Sean Conner, concerning his experience publishing via emails to his server

=> gemini://gemi.dev/gemini-mailing-list/messages/001722.gmi 2020-06-16 gemini+submit:// (was Re: Uploading Gemini content)

I get this approach a little more readily. I'm wondering whether a public-inbox type approach would be interesting:

=> https://public-inbox.org/

Equally so, given its symbiosis with Grokmirror

=> https://github.com/mricon/grokmirror

>
> --jaakko

Jonathan

On Thu, Nov 11, 2021 at 03:50:47PM +0200, skyjake wrote:
> On 11. Nov 21, at 9.17, Balázs Botond <balazsbotond@gmail.com> wrote:
> >
> > Btw, what was the motivation to limit input length to 1024 bytes in
> > the first place? I can't find anything about it in either the FAQ or
> > the specification.
>
> Here's a relevant post from the archives where Solderpunk comments on the limit: gemini://gemi.dev/gemini-mailing-list/messages/001672.gmi
>
> IMO, uploading content via URL query strings is not a great idea because you must percent-encode all of it, and that can increase the size quite a bit. Better to use alternate methods to upload a "raw" octet stream.
>
> --jaakko

An IPFS hash is guaranteed to be under 1024 characters so treat that as passing a pointer rather than passing by value for uploads. This doesn't work for private data, but if you need secure uploads of private files you probably want a system that's not Gemini anyways.

---