
Nim and self-signed certificates

I spent some time writing my own gemini server and client.

Source code on github

It features some basic functionality, actually just enough to write a file server with an atom feed.

Yet, I couldn't figure out how to allow trusting self-signed certificates that we have already seen.

The thing is that after the TLS handshake, it's only possible to retrieve validated certificates for inspection.

So either you don't validate certificates at all but cannot have a look at self-signed certificates, or you validate certificates against the central authority and self-signed certificates will not pass.

What a pity... I might end up having to tap the openssl library directly to go over the certificate handling code, just like in the foundation library used in Lagrange.
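
The trust-on-first-use check this post is after, as an added example that is not from the original post or the author's project, and written in Python rather than Nim: the handshake skips CA validation, the raw DER certificate is read anyway, and trust is decided by comparing its SHA-256 fingerprint with a pin saved on first contact. The names `tofu_check`, `connect_pinned`, `PinMismatch` and the JSON pin file are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path

GEMINI_PORT = 1965  # default Gemini port


class PinMismatch(Exception):
    """The server's certificate differs from the one pinned on first contact."""


def fingerprint(cert_der):
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def tofu_check(store_path, host, port, cert_der):
    """Return 'first-seen', 'match' or 'mismatch' for this host's certificate."""
    path = Path(store_path)  # hypothetical pin file: {"host:port": "<sha256 hex>"}
    pins = json.loads(path.read_text()) if path.exists() else {}
    key = f"{host.lower()}:{port}"
    seen = fingerprint(cert_der)
    pinned = pins.get(key)
    if pinned is None:
        pins[key] = seen  # first contact: remember this certificate
        path.write_text(json.dumps(pins, indent=2, sort_keys=True))
        return "first-seen"
    # A mismatch never overwrites the pin; the caller refuses or asks the user.
    return "match" if hmac.compare_digest(pinned, seen) else "mismatch"


def connect_pinned(store_path, host, port=GEMINI_PORT, timeout=10.0):
    """Open a TLS connection and return it only if the pin check passes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # a self-signed cert would fail CA validation
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    # binary_form=True returns the DER certificate even though it was not validated.
    verdict = tofu_check(store_path, host, port, tls.getpeercert(binary_form=True))
    if verdict == "mismatch":
        tls.close()  # drop the connection before any request is sent
        raise PinMismatch(f"certificate for {host}:{port} changed since first use")
    return tls
```

The pin check runs on the same connection that will carry the request, so nothing is sent to a server whose certificate changed.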