You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This library seems to fail for a great many gemini severs that work fine with browsers like Lagrange and Amfora.
The gemini://gemini.circumlunar.space capsule is fetched without issue.
bjorn@babylon:~/project/arecibo$ npx gemini-fetch gemini://gemini.circumlunar.space
# Project Gemini
## Overview
Gemini is a new internet protocol which:
But several other sites I've tried consistently fail:
bjorn@babylon:~/project/arecibo$ npx gemini-fetch gemini://flounder.online
Error: Client network socket disconnected before secure TLS connection was established
at connResetException (internal/errors.js:628:14)
at TLSSocket.onConnectEnd (_tls_wrap.js:1569:19)
at TLSSocket.emit (events.js:412:35)
at endReadableNT (internal/streams/readable.js:1317:12)
at processTicksAndRejections (internal/process/task_queues.js:82:21)
bjorn@babylon:~/project/arecibo$ npx gemini-fetch gemini://bjornwestergard.com
Error: Client network socket disconnected before secure TLS connection was established
at connResetException (internal/errors.js:628:14)
at TLSSocket.onConnectEnd (_tls_wrap.js:1569:19)
at TLSSocket.emit (events.js:412:35)
at endReadableNT (internal/streams/readable.js:1317:12)
at processTicksAndRejections (internal/process/task_queues.js:82:21)
Since I control bjornwestergard.com, I can see that the agate process hosting the site logs the following only when receiving requests from this library:
[2022-02-17T23:47:37Z WARN agate] 172.26.12.95:1965 - "" 00 "TLS error" error:unexpected error: no server certificate chain resolved
This issue in the agate repository suggests to me that this library is perhaps not sending the correct "Server Name Indication".
The text was updated successfully, but these errors were encountered:
Okay, I believe I have confirmed my hunch. This library does not do the correct Server Name Indication, but the fix is simple: extract the domain and pass it as a tlsOpt. Here is a minimal example you can use to reproduce with any Gemini server that supports SNI.
const request = require('@derhuerst/gemini/client')
request('gemini://bjornwestergard.com',
{
tlsOpt: {
rejectUnauthorized: false,
servername: 'bjornwestergard.com', // Without this line, it fails.
},
},
(err, res) => {
if (err) {
console.error(err)
process.exit(1)
}
console.log(res.statusCode, res.statusMessage)
if (res.meta) console.log(res.meta)
res.pipe(process.stdout)
})
This library seems to fail for a great many gemini severs that work fine with browsers like Lagrange and Amfora.
The
gemini://gemini.circumlunar.space
capsule is fetched without issue.But several other sites I've tried consistently fail:
Since I control
bjornwestergard.com
, I can see that theagate
process hosting the site logs the following only when receiving requests from this library:This issue in the
agate
repository suggests to me that this library is perhaps not sending the correct "Server Name Indication".The text was updated successfully, but these errors were encountered: