💾 Archived View for bbs.geminispace.org › u › norayr › 15720 captured on 2024-05-26 at 16:03:44. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-05-12)

➡️ Next capture (2024-06-16)

🚧 View Differences

-=-=-=-=-=-=-

Comment by 🐙 norayr

Re: "Examples of handling TOFU and client certificates with..."

In: s/Gemini

you can find the oberon code there that uses the /etc/ssl/ca-certificates bundle or it can just present root certificate of letsencrypt if the server certificate is issued by letsencrypt. this way the memory footprint is much less.

i think i stumbled upon memory bug in recent versions of mbedtls and i was using older versions from other branch, i think something like 2.16 didn't have memory problems i encountered with newer versions.

my c test program was crashing and i tried moving a global variable in to a function and got the program killed by shack protector. so it looked to me that newer versions have memory bug, so normal for c project.

i also want to implement gemini protocol one day in oberon.

🐙 norayr

Mar 23 · 2 months ago

Original Post

🌒 s/Gemini

Examples of handling TOFU and client certificates with mbedTLS (in C)? — As a rite of passage I've decided to make a Gemini client in C, and as I'm new to SSL/networking, I have no idea how to handle TOFU or client certificates with mbedTLS. Has anyone else specifically made a gemini client with it? Or would you recommend that I try to figure out another SSL library? I avoided OpenSSL because the documentation seemed incomprehensible, but mbedTLS' documentation isn't much better. As an aside, I...

💬 QuARC · 3 comments · 1 like · Mar 21 · 2 months ago · #certificates #client_certificates #encryption