💾 Archived View for gem.benscraft.info › mailing-list › messages › 249 captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
- Alan <gemini at bunburya.eu>
@ Fri, 16 Apr 2021 17:59 +0100
────────────────────────────────────────────────────────────────────────────────
Recently I decided to have a go at writing a basic Gemini server in
Kotlin and have found some rather unusual behaviour.
When using the Amfora browser, I was unable to view "20" responses,
getting instead the following error: "/Issuing creating page: remote
error: tls: user//canceled/". Unusually, every other response is
displayed fine.
Other clients written in Go also seem to be affected by this:
Solderpunk's demo client (https://tildegit.org/solderpunk/gemini-demo-3)
has the same issue, for example. Non-Go clients (Castor, Kristall,
Lagrange, gmni) don't.
My Kotlin code gets an instance of javax.net.ssl.SSLContext using the
TLS protocol, loads a KeyStore file (in JKS or PKCS12 format) and
creates an SSLServerSocket instance that it uses to listen for
connections. I haven't uploaded my code anywhere, but the approach is
similar to that taken in Earl
(https://github.com/mrletourneau/EarlServer), which has the same issue
for me.
From searching around for the error message and looking at Java logs,
it seems that under TLSv1.3, Java (I tested on openjdk8 and openjdk11)
sends /alert(user_canceled)/ to the client just prior to
/alert(notify_close)/ (to notify it of the intention to close the TLS
connection). And it looks like this/user_canceled/ is interpreted as an
error by Go, whereas other libraries just ignore it. I tested the Jemini
server (https://github.com/warmuuh/jemini) which uses Jetty and the
problem doesn't arise there (it doesn't seem to send /user_canceled/); I
guess Jetty has its own implementation of SSL sockets?
Has anyone else had similar problems trying to make requests to a
JVM-based Gemini server using a Go-based client (or in other
circumstances)? Or can others replicate this behaviour using (for
example) Earl + Amfora? Assuming the problem isn't just me, I'm not sure
if it's better described as an issue with Go or Java - it seems strange
that Java would send "user_canceled", but equally Go probably probably
shouldn't treat it as an error. Regardless, I wanted to mention it in
case it trips anyone else up. I guess Go clients could manually
intercept and gracefully handle the alert, but I suspect the preferred
answer will simply be not to use servers that send it.
I'm fairly new to the world of TLS so apologies if I'm getting something
completely wrong.
════════════════════════════════════════════════════════════════════════════════