As a rite of passage I've decided to make a Gemini client in C, and as I'm new to SSL/networking, I have no idea how to handle TOFU or client certificates with mbedTLS. Has anyone else specifically made a Gemini client with it?
Or would you recommend that I try to figure out another SSL library? I avoided OpenSSL because the documentation seemed incomprehensible, but mbedTLS' documentation isn't much better.
As an aside, I think I'm gonna avoid C for the server, the amount of rookie mistakes I made while making the client was kinda scary. (I learnt that strncpy doesn't always null-terminate the hard way.)
Mar 21 · 2 months ago · 👍 norayr
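For the TOFU half of the question above, the trust decision itself does not depend on the TLS library. The following is an added example, not code from this thread or from mbedTLS: it assumes the caller already has a SHA-256 fingerprint of the server certificate and its expiry time from whichever TLS library is in use, and that hostnames are lowercased beforehand. All names (`tofu_check`, `pin_store`, `pin_set`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define FP_LEN 32    /* assumed: SHA-256 of the peer certificate's DER bytes */
#define MAX_PINS 64

enum tofu_result { TOFU_FIRST_USE, TOFU_MATCH, TOFU_RENEWED, TOFU_MISMATCH, TOFU_ERROR };

struct pin { char host[256]; unsigned char fp[FP_LEN]; time_t not_after; };
struct pin_store { struct pin pins[MAX_PINS]; size_t count; };

static void pin_set(struct pin *p, const char *host, const unsigned char *fp, time_t not_after) {
    snprintf(p->host, sizeof p->host, "%s", host); /* always NUL-terminates, unlike strncpy */
    memcpy(p->fp, fp, FP_LEN);
    p->not_after = not_after;
}

/* Decide whether to trust the certificate presented by `host`.
 * A changed fingerprint is accepted only once the pinned certificate has expired. */
enum tofu_result tofu_check(struct pin_store *s, const char *host,
                            const unsigned char *fp, time_t not_after, time_t now) {
    if (strlen(host) >= sizeof s->pins[0].host) return TOFU_ERROR; /* never pin a truncated name */
    for (size_t i = 0; i < s->count; i++) {
        struct pin *p = &s->pins[i];
        if (strcmp(p->host, host) != 0) continue;
        if (memcmp(p->fp, fp, FP_LEN) == 0) return TOFU_MATCH;
        if (now > p->not_after) { pin_set(p, host, fp, not_after); return TOFU_RENEWED; }
        return TOFU_MISMATCH; /* pin still valid but certificate differs: warn, keep old pin */
    }
    if (s->count == MAX_PINS) return TOFU_ERROR;
    pin_set(&s->pins[s->count++], host, fp, not_after);
    return TOFU_FIRST_USE;
}

int main(void) {
    static struct pin_store store;          /* zero-initialised, empty */
    unsigned char a[FP_LEN], b[FP_LEN];     /* constructed sample fingerprints */
    memset(a, 0xAA, sizeof a);
    memset(b, 0xBB, sizeof b);
    printf("%d\n", tofu_check(&store, "example.org", a, 2000, 1000)); /* first use */
    printf("%d\n", tofu_check(&store, "example.org", b, 3000, 1500)); /* mismatch */
    printf("%d\n", tofu_check(&store, "example.org", b, 3000, 2500)); /* renewed */
    return 0;
}
```

A real client would persist the store to disk and ask the user what to do on `TOFU_MISMATCH` rather than silently continuing.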
I don't have direct experience, but I suggest using OpenSSL:
1- you know OpenSSL is still going to be supported and up-to-date a year or 2 from now.
2- there are lots of examples out there for it, especially for C
3- if you are going to write your server in another language, there are most likely going to be OpenSSL bindings, so your knowledge is transferable
i researched all embedded tls libraries and have chosen mbedtls so i think your choice is good.
i used it because i wanted to be able to write a https client in oberon.
so first i wrote a http client, implemented only GET request for case when the content-length is known or not known. i also implemented basicauth:
then i made the mbedtls wrapper and inherited from http class, and by changing just four methods (for read, write, connect, disconnect) by new functions that use mbedtls, was able to implement https connections:
— https://github.com/norayr/mbedtls
sorry, no documentation or readme yet.
you can find the oberon code there that uses the /etc/ssl/ca-certificates bundle or it can just present root certificate of letsencrypt if the server certificate is issued by letsencrypt. this way the memory footprint is much less.
i think i stumbled upon memory bug in recent versions of mbedtls and i was using older versions from other branch, i think something like 2.16 didn't have memory problems i encountered with newer versions.
my c test program was crashing and i tried moving a global variable into a function and got the program killed by stack protector. so it looked to me that newer versions have memory bug, so normal for c project.
i also want to implement gemini protocol one day in oberon.