repo: tlsa action: commit revision: path_from: revision_from: 9857f93bbaea83e2c64968d349ed0ff7cb2bf609: path_to: revision_to:
commit 9857f93bbaea83e2c64968d349ed0ff7cb2bf609 Author: epoch <epoch@thebackupbox.net> Date: Wed Aug 31 13:05:13 2022 -0500 added fallback to plain TLS
diff --git a/test.py b/test.py
--- a/test.py
+++ b/test.py
@@ -1,16 +1,41 @@
 #!/usr/bin/env python3
+import socket
+import sys
 import tlsa
+import ssl
+
+ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ctx.load_default_certs()
+ctx.verify_mode = ssl.CERT_REQUIRED
+ctx.check_hostname = True
 t = tlsa.TLSA()
-conn = t.connect_verify("cosmic.voyage", 1965, debug=True)
-conn.send(b"gemini://cosmic.voyage/\r\n")
+#host = "cosmic.voyage" #works
+#host = "gemini.thebackupbox.net" #fails because it is set in my /etc/hosts file
+host = "astrobotany.mozz.us"
+port = 1965
+
+try:
+ conn = t.connect_verify(host, 1965, debug=True, secure=True) #if secure=False, we'll accept TLSA records that aren't DNSSEC signed
+except tlsa.DNSLookupError as e: #this will happen if DNSSEC doesn't exist, so we'd have to go through extra effort to accept TLSA without DNSSEC
+ print("No TLSA record. Fallling back to not checking DNSSEC or TLSA.")
+ s=socket.create_connection((host,port))
+ conn = ctx.wrap_socket(s,server_hostname=host)
+except Exception as e:
+ print("errrrrr")
+ raise e
+ sys.exit(1)
+conn.send("gemini://{}/\r\n".format(host).encode())
 buf = b""
 d = conn.recv(4)
 while d != b"":
 buf += d
 d = conn.recv(4)
-
-print(buf.decode()[1:50] + "[...]")
+ try:
+ sys.stdout.write(buf.decode())
+ buf=b""
+ except: #failed to decode. a utf-8 sequence probably was at the end and wasn't finished.
+ pass
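Review bot: The `except tlsa.DNSLookupError` branch drops from DANE to CA-only validation on any lookup failure, so a party able to make the TLSA query fail (dropped or tampered DNS answers) decides which trust model this client ends up using. The hunk does not show whether `DNSLookupError` separates "no TLSA record exists" from a bogus or timed-out lookup. RFC 6698 section 4.1 treats only the insecure or absent case as "no TLSA" and requires aborting on a bogus result, so the fallback should be limited to that case and the printed message should say which case occurred. The fallback connects to `port` while `connect_verify(host, 1965, ...)` keeps the literal, so pass `port` in both places. The bare `except:` around `buf.decode()` should be `except UnicodeDecodeError:`, because as written it hides every other error and never reports bytes that stay undecodable.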