💾 Archived View for rwv.io › 2021-03-22-ann-dezhemini-bugfix.gmi captured on 2023-06-16 at 16:08:28. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
It's been awhile but I bring good news for people using dʒɛmɪni to host their capsule: a weird SSL bug in dʒɛmɪni has finally been fixed. I big "thank you" to mbays (for finding the issue), gluon (for hosting it and using dʒɛmɪni) and fgaz (for fixing it in his server)!
capsule hosted by gluon using dʒɛmɪni
So what was wrong? I am not really sure but the problem occurred when using a client which supports TLS 1.3 "session reuse" aka resumption, causing the second hit on a dʒɛmɪni hosted capsule to fail at the handshake. Apparently I forgot to do a move in the OpenSSL ceremonial dance, namely set the session ID.
SSL_CTX_set_session_id_context
Fortunately racket does it for you when calling ssl-set-verify! but I didn't bother with it because I don't want verification because of TOFU. I was wrong and, have to admit, did not RTFM.
racket/openssl/ssl-set-verify!
This also seems to fix a similar issue I was having when running dʒɛmɪni on OpenBSD and using the Ariane client for Android, second hit going bad at handshake. Weird thing was: it did not occur on capsules hosted on a GNU/Linux distribution.
Hurrah! Some order is restored in my world. Thank you to the people involved!
Cheers,
R.
--
📅 2021-03-22
🏷 dezhemini
📧 hello@rwv.io
CC BY-NC-SA 4.0