💾 Archived View for bbs.geminispace.org › u › norayr › 15719 captured on 2024-08-19 at 00:07:21. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-07-09)
-=-=-=-=-=-=-
Re: "Examples of handling TOFU and client certificates with..."
i researched all embedded tls libraries and have choset mbedtls so i think your choice is good.
i used it because i wanted to be able to write a https client in oberon.
so first i wrote a http client, implemented only GET request for case when the content-length is known or not known. i also implemented basicauth:
then i made the mbedtls wrapper and inherited from http class, and by changing just four methods (for read, write, connect, disconnect) by new functions that use mbedtls, was able to implement https connections:
— https://github.com/norayr/mbedtls
sorry, no documentation or readme yet.
Mar 23 · 5 months ago
you can find the oberon code there that uses the /etc/ssl/ca-certificates bundle or it can just present root certificate of letsencrypt if the server certificate is issued by letsencrypt. this way the memory footprint is much less.
i think i stumbled upon memory bug in recent versions of mbedtls and i was using older versions from other branch, i think something like 2.16 didn't have memory problems i encountered with newer versions.
my c test program was crashing and i tried moving a global variable in to a function and got the program killed by shack protector. so it looked to me that newer versions have memory bug, so normal for c project.
i also want to implement gemini protocol one day in oberon.
Examples of handling TOFU and client certificates with mbedTLS (in C)? — As a rite of passage I've decided to make a Gemini client in C, and as I'm new to SSL/networking, I have no idea how to handle TOFU or client certificates with mbedTLS. Has anyone else specifically made a gemini client with it? Or would you recommend that I try to figure out another SSL library? I avoided OpenSSL because the documentation seemed incomprehensible, but mbedTLS' documentation isn't much better. As an aside, I...