Gemini Textboard

#132 - Anonymous - Fri, 5 Mar 2021 10:01:13 UTC

Did this board recently switch to dezhemini?

#134 - -ZbPvhCc3xQxsG3AUOUjuTWT4Ua1ou9sA860h35FKxQ - Mon, 8 Mar 2021 08:30:13 UTC

It did not, it's still using my haskell-gemini libraries. I did add client cert support though :)

#135 - Anonymous - Mon, 8 Mar 2021 12:57:45 UTC

Hmm. It started refusing my attempts to resume TLS sessions. Have to do a full handshake each time now.

#136 - Anonymous - Sun, 14 Mar 2021 09:04:45 UTC

#137 - Anonymous - Sun, 14 Mar 2021 09:06:22 UTC

So maybe this is related to the limitation of the Haskell tls library that it doesn't let you get the client certificate for a resumed session? Are you just disallowing resumed sessions to get around this? If so, maybe you can do it more nicely so it doesn't just give an error in the client.

#138 - -ZbPvhCc3xQxsG3AUOUjuTWT4Ua1ou9sA860h35FKxQ - Sun, 14 Mar 2021 17:30:49 UTC

Maybe? I mostly used default options, so it could also be that I just have to explicitly enable resumption. Let me check...

#139 - -ZbPvhCc3xQxsG3AUOUjuTWT4Ua1ou9sA860h35FKxQ - Sun, 14 Mar 2021 17:38:41 UTC

Ah right, I forgot to mention that while I'm now using HsOpenSSL to handle TLS, before then the Haskell server did not handle encrypted connections at all; it was just behind stunnel (which apparently does support resumption).

#140 - Anonymous - Sun, 14 Mar 2021 17:52:04 UTC

Hmm, this is really weird. I don't set any initialization option that could affect resumption and I also set SSL_VERIFY_CLIENT_ONCE... could it be because I'm doing a unidirectional shutdown?

#141 - Anonymous - Mon, 15 Mar 2021 07:15:16 UTC

I don't know... let's discuss this by email? mbays@sdf.org

#142 - -ZbPvhCc3xQxsG3AUOUjuTWT4Ua1ou9sA860h35FKxQ - Sat, 20 Mar 2021 07:41:54 UTC

Aaaand... fixed! It was the missing session id context.
