๐Ÿ’พ Archived View for bbs.geminispace.org โ€บ u โ€บ clseibold โ€บ 5599 captured on 2023-09-28 at 17:01:56. Gemini links have been rewritten to link to archived content

View Raw

More Information

โžก๏ธ Next capture (2023-11-04)

-=-=-=-=-=-=-

Re: "SNI for misfin: I am getting a "you didn't provide SNI"..."

Comment in: s/misfin

@gemalaya Right, I'm aware that that's what it does. I've explained in the other thread why the bind address *has to* be different from the SubjAltName, because my system cannot and will never work with this assumption. There's no way around it. I was required to change the bind address because of this assumption. I cannot use my public ip address on my own network because I don't have loopback (I believe that's what it's called when you use your own public ip from within your own network).

๐Ÿš€ clseibold

2023-09-26 ยท 2 days ago

3 Later Comments โ†“

๐Ÿ˜บ gemalaya

@clseibold So yeah, right now, the hostname value that you pass when you create the certificate is the hostname that misfin will bind the socket to.

But note that you can also pass an IP address, i just did that and it works

misfin make-cert ip "IP" 192.168.1.28 28.pem
misfin receive-as 28.pem 
Receiving for: IP (ip@192.168.1.28)                     
Listening on: 192.168.1.28

๐Ÿš€ clseibold

@gemalaya Yes, it works, but now your certificate is incorrect. Your certificate has to be your domain name. Also, the bind address is what you want to listen on. I'm actually unsure if it needs to be the public IP, or the private IP of the computer (I think the private IP of the computer will work, actually).

Regardless, the cert has to be the domain name or every other server you send mail to will end up failing the verification.

๐Ÿ˜บ gemalaya

@clseibold You're right. I'm working on a service command that will let you serve multiple identities and store messages, it's not too much work.

Original Post

๐ŸŒ’ s/misfin

SNI for misfin: I am getting a "you didn't provide SNI" error in one misfin server when I try to access it via the Python client, apparently that uses a different ssl library. I wonder if that is intended, to work it has to be active in both the client and the server

๐Ÿ’ฌ alexlehm ยท 20 comments ยท 2023-09-26 ยท 3 days ago