💾 Archived View for rawtext.club › ~sloum › geminilist › 001435.gmi captured on 2020-11-07 at 02:13:14. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2020-09-24)
-=-=-=-=-=-=-
Martin Keegan martin at no.ucant.org
Tue Jun 9 01:34:10 BST 2020
- - - - - - - - - - - - - - - - - - -
On Mon, 8 Jun 2020, solderpunk wrote:
Are there any other
servers requiring client certificates that I can test against?
I don't think there are yet. But lately I've been working to add good
Yes, blizanci supports enforcement of client certificates. You can tryto get the URL:
gemini://gemini.ucant.org/restricted/example.gemini
and it'll give you a status 20 or status 60 as the case may be.
CGI and SCGI support to Molly Brown, including passing information about
client certs on to aps through the variables (following Sean's lead for
now, although I need to bring up some points for discussion about this
in the near future). Very soon I will take advantage of this to start
My implementation is that $REMOTE_USER is set to the common name in the cert subject. I think this is a good idea, but I don't think it's common practice in the Gemini universe.
(I remain skeptical about whether SSL is the right choice - I reckonGemini's simplicity goal is going to run up against the practice oftrying to reuse as much existing infrastructure as possible.)
Mk
-- Martin Keegan, +44 7779 296469, @mk270, https://mk.ucant.org/