
TLS fails with many gemini servers #1

Open · bwestergard opened this issue Feb 17, 2022 · 1 comment

Comments

bwestergard commented Feb 17, 2022

This library seems to fail for a great many gemini servers that work fine with browsers like Lagrange and Amfora.

The gemini://gemini.circumlunar.space capsule is fetched without issue.

bjorn@babylon:~/project/arecibo$ npx gemini-fetch gemini://gemini.circumlunar.space
# Project Gemini

## Overview

Gemini is a new internet protocol which:

But several other sites I've tried consistently fail:

bjorn@babylon:~/project/arecibo$ npx gemini-fetch gemini://flounder.online
Error: Client network socket disconnected before secure TLS connection was established
    at connResetException (internal/errors.js:628:14)
    at TLSSocket.onConnectEnd (_tls_wrap.js:1569:19)
    at TLSSocket.emit (events.js:412:35)
    at endReadableNT (internal/streams/readable.js:1317:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)

bjorn@babylon:~/project/arecibo$ npx gemini-fetch gemini://bjornwestergard.com
Error: Client network socket disconnected before secure TLS connection was established
    at connResetException (internal/errors.js:628:14)
    at TLSSocket.onConnectEnd (_tls_wrap.js:1569:19)
    at TLSSocket.emit (events.js:412:35)
    at endReadableNT (internal/streams/readable.js:1317:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)

Since I control bjornwestergard.com, I can see that the agate process hosting the site logs the following only when receiving requests from this library:

[2022-02-17T23:47:37Z WARN  agate] 172.26.12.95:1965 - "" 00 "TLS error" error:unexpected error: no server certificate chain resolved

This issue in the agate repository suggests to me that this library is perhaps not sending the correct "Server Name Indication".

bwestergard (Author) commented

Okay, I believe I have confirmed my hunch. This library does not do the correct Server Name Indication, but the fix is simple: extract the domain and pass it as a tlsOpt. Here is a minimal example you can use to reproduce with any Gemini server that supports SNI.

const request = require('@derhuerst/gemini/client')

request('gemini://bjornwestergard.com',
    {
        tlsOpt: {
            rejectUnauthorized: false,
            servername: 'bjornwestergard.com', // Without this line, it fails.
        },
    },
    (err, res) => {
        // Any TLS or socket error surfaces here; exit non-zero so a script notices.
        if (err) {
            console.error(err)
            process.exit(1)
        }

        // Gemini responses carry a two-digit status and a meta line before the body.
        console.log(res.statusCode, res.statusMessage)
        if (res.meta) console.log(res.meta)
        res.pipe(process.stdout)
    })
