💾 Archived View for 80h.dev › glog › 2020-05-05.gemini captured on 2020-09-24 at 00:41:28. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
tldr; 9 problems found but not all are problems imho.
UPDATE: Left to maybe fix [Homepage],[RequestMissingCR],[URLAboveMaxSize],
[URLDotEscape]
That was fun. It took a few runs of the script erroring out on everything for
me to realize why. I've been testing gemserv with bombadillo and av-98 without
problems.
I guess in python you have to wrap the socket like so:
wrap_socket(socket, server_hostname = self.netloc)
I already knew sni had to be set on the server side but never even worried
about whether clients would have problems connecting to gemserv.
Anyway now that's taken care of the results are interesting[1]. I had to add
some error handling that was ignored before. Let's see what's left.
[IPv6Address] Establish a connection over an IPv6 address
Looking up IPv6 address for '80h.dev'
✓ '2604:a880:800:c1::3c3:e001'
Attempting to connect to [2604:a880:800:c1::3c3:e001]:1965
x [Errno 101] Network is unreachable
My home internet is ipv4 so that's fine.
[TLSVerified] Certificate should be self-signed or have a trusted issuer
Connecting over verified SSL socket
x [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)
I made my own ca to sign my own cert. I should probably change that.
[Homepage] Request the gemini homepage
Requesting URL
'gemini://80h.dev/\r\n'
...
Body should use "\r\n" line endings
x Invalid line ending
Setting my editor to "\r\n" would fix that. Or maybe have the server parse all
gemini files and add them in?
[HomepageRedirect] A URL with no trailing slash should redirect to the canonical resource
Requesting URL
'gemini://80h.dev\r\n'
...
[PageNotFound] Request a gemini URL that does not exist
Requesting URL
'gemini://80h.dev/09pdsakjo73hjn12id78\r\n'
...
Body should be empty
x '\r\n'
Ok That needs looked at.
[RequestMissingCR] A request without a <CR> should timeout
Requesting URL
'gemini://80h.dev/\n'
Response header
'20\ttext/gemini\r\n'
No response should be received
x '20'
It's wrong but I'm not a fan of it anyway.
[URLSchemeMissing] A URL without a scheme should be inferred as gemini
Requesting URL
'//80h.dev/\r\n'
Response header
'59\tBad Request!\r\n'
Status should return a success code (20 SUCCESS)
x Received status of '59
Needs fixed.
[URLAboveMaxSize] Send a 1025 byte URL, above the maximum allowed size
Requesting URL
'gemini://80h.dev/000 ... 000\r\n'
Response header
'51\tNot found!\r\n'
Connection should either drop, or return 59 (BAD REQUEST)
x '51'
Hmm, right now gemserv only reads the first 1024 bytes and drops the rest. I'm
not sure if I should keep reading or continue like this.
[URLWrongPort] A URL with an incorrect port number should be rejected
Requesting URL
'gemini://80h.dev:443/\r\n'
Response header
'20\ttext/gemini\r\n'
Status should return a failure code (53 PROXY REQUEST REFUSED)
x Received status of '20'
Will fix.
[URLDotEscape] A URL should not be able to escape the root using dot notation
Requesting URL
'gemini://80h.dev/../../\r\n'
Response header
'20\ttext/gemini\r\n'
Status should return a failure code (5X PERMANENT FAILURE)
x Received status of '20'
Interestingly I had this as a check but noticed it never got called. It seems
that the url crate I use collapses it. Requesting "80h.dev/../../" will be read
as "80h.dev/" So maybe fix?
All in all most of those aren't bad.