💾 Archived View for rawtext.club › ~sloum › geminilist › 000662.gmi captured on 2020-09-24 at 02:24:56. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
solderpunk solderpunk at SDF.ORG
Fri May 15 09:05:27 BST 2020
- - - - - - - - - - - - - - - - - - - ``` On Fri, May 15, 2020 at 11:14:44AM +0430, Ben wrote: > I'm having an issue with elpher where it asks me to approve the site's SSL > cert because it says something like the issuer not being recognized... well > that can't be right, so either I set up Jetforce a little bit wrong > (specified the wrong files?), or this is some issue with elpher, which I > noticed complains about the certs of most Gemini sites. My issuer is > LetsEncrypt, which should be fine. I'm not sure because I haven't used it, but perhaps Elpher is one of thefew clients (the other I know of is Bombadillo) which have implementedthe TOFU security model recommended in the spec. Currentimplementations of Gemini are fairly inconsistent with how they handleTLS, which admittedly is my fault for speccing that clients can validatecerts however they like and just "strongly recommending" TOFU. Manypeople have fallen back on the standard CA approach. Heck, my own clientso far doesn't do any certificate validation at all! I'll be TOFUisingit this weekend, though. Cheers,Solderpunk