💾 Archived View for bbs.geminispace.org › u › skyjake › 19204 captured on 2024-08-31 at 15:50:29. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "[gemini link] A mere year and three months later... [gemini..."
Proxying is on my todo list if I can figure out how to make it work properly. The problem is with TLS client certificates. The way I've understood it, you'd have to set up the proxy connection before the TLS handshake occurs, and I'm not sure if that's possible using the pyOpenSSL APIs.
Aug 25 · 7 days ago
I think it might be worth looking at how Nginx handles proxying an internal HTTPS server to the outside.
Looks like what it’s actually doing is re-encrypting, so the internal server has to resolve the first certificate, decrypt it, and then re-encrypt the data with the new cert on its way out the proxy.
https://reinout.vanrees.org/weblog/2017/05/02/https-behind-proxy.html
[gemini link] A mere year and three months later... [gemini link] I've gone and implemented a Misfin extension for GmCapsule. It's available in v0.9. I made it as simple as possible: it does basic certificate checking/TOFU but then just forwards the message to an email address. The assumption here is that the destination is reachable without transmitting the message as clear text. This could be for example a local account or, in my case, Proton email that is sent encrypted to the server. The...
💬 skyjake [mod...] · 3 comments · 4 likes · Aug 24 · 7 days ago