
Script to test gemini servers

Michael Lazar lazar.michael22 at gmail.com

Thu Jan 9 06:00:04 GMT 2020

- - - - - - - - - - - - - - - - - - -

Hi all,

I have been working on a python script that can be pointed to a gemini server, and will automatically send various types of requests to surface errors and other strange server behavior. This was suggested in the mailing list a while ago by solderpunk(?). I thought it was a neat idea so I took my own stab at it.

I am not attempting to cover 100% of the gemini specification. Some of the checks aren't even related to the spec, and are strictly informational. Take all results with a grain of salt.

For example:

- Does your server support IPv6?
- What version of TLS do you negotiate?
- Is your certificate's CA trusted?
- How do you respond to a http:// URL?
- How do you respond to a URL with an invalid UTF-8 byte sequence?
- How do you respond to a request with a newline but no carriage return?

The program can be found here:

https://github.com/michael-lazar/jetforce/blob/master/jetforce_diagnostics.py

I've included it in the jetforce repo out of convenience, but the script can be downloaded and run independently of jetforce. The only hard dependency is Python 3.7+. The python "pyca/cryptography" library is an optional requirement, if you want to inspect server TLS certificates.

Usage:  ./jetforce_diagnostics.py host [port]

This is very much still considered a work-in-progress. If you have any suggestions or would like to contribute additional tests to run, please feel encouraged to respond here or open an issue or PR in the github repo.

To save you all the trouble, I have already run this against all known gemini servers and published the results on my server. This is not an attempt to shame anybody, my own server exposed several failures that I now need to fix. But I think there are some interesting insights to be gleaned about how servers are implemented in practice, and how the gemini spec might be improved:

gemini://mozz.us/diagnostics/

Some of the results:

- All servers use "\n" line endings on their home page instead of "\r\n"
- No server will accept a URL without a scheme specified (per the spec, this should be implied as gemini://)
- Only half of servers currently support TLS version 1.3

- mozz
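
The malformed-request cases listed in the message, seen from the server side, as an added example (not part of the original post and not code from jetforce_diagnostics.py): a strict classifier for one raw request line. The function names, the result labels, the 1024-byte URL limit and the `example.org` samples are assumptions or constructed for illustration.

```python
from urllib.parse import urlsplit

MAX_URL_BYTES = 1024  # assumption: URL length limit taken from the Gemini spec


def classify_request(raw: bytes) -> str:
    """Label one raw Gemini request line the way a strict server might."""
    if raw.endswith(b"\r\n"):
        line = raw[:-2]
    elif raw.endswith(b"\n"):
        return "bare-lf"              # newline but no carriage return
    else:
        return "unterminated"
    if b"\r" in line or b"\n" in line:
        return "embedded-newline"     # more than one line in the request
    if len(line) > MAX_URL_BYTES:
        return "too-long"
    try:
        url = line.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return "invalid-utf8"
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable"          # e.g. malformed IPv6 literal
    if parts.scheme == "":
        return "no-scheme"            # the message says gemini:// should be implied
    if parts.scheme.lower() != "gemini":
        return "foreign-scheme"       # e.g. an http:// URL sent to a gemini port
    if not parts.hostname:
        return "no-host"
    return "ok"


# Constructed sample requests, one per case named in the message.
SAMPLES = {
    "well-formed": b"gemini://example.org/\r\n",
    "lf-only": b"gemini://example.org/\n",
    "http-url": b"http://example.org/\r\n",
    "schemeless": b"example.org/\r\n",
    "bad-utf8": b"gemini://example.org/\xff\xfe\r\n",
    "no-terminator": b"gemini://example.org/",
}


def classify_samples() -> dict:
    """Return {sample name: label} for the constructed samples."""
    return {name: classify_request(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:14} -> {label}")
```

A server that accepts the `bare-lf` or `no-scheme` cases for compatibility can still log the label, which makes client-side quirks visible without rejecting the request.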