-- Leo's gemini proxy

-- Connecting to git.thebackupbox.net:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini

repo: tlsa
action: commit
revision:
path_from:
revision_from: 9857f93bbaea83e2c64968d349ed0ff7cb2bf609:
path_to:
revision_to:

commit 9857f93bbaea83e2c64968d349ed0ff7cb2bf609
Author: epoch <epoch@thebackupbox.net>
Date:   Wed Aug 31 13:05:13 2022 -0500

    added fallback to plain TLS

diff --git a/test.py b/test.py

--- a/test.py
+++ b/test.py
@@ -1,16 +1,41 @@
 #!/usr/bin/env python3

+import socket
+import sys
 import tlsa
+import ssl
+
+ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ctx.load_default_certs()
+ctx.verify_mode = ssl.CERT_REQUIRED
+ctx.check_hostname = True

 t = tlsa.TLSA()

-conn = t.connect_verify("cosmic.voyage", 1965, debug=True)
-conn.send(b"gemini://cosmic.voyage/\r\n")
+#host = "cosmic.voyage" #works
+#host = "gemini.thebackupbox.net" #fails because it is set in my /etc/hosts file
+host = "astrobotany.mozz.us"
+port = 1965
+
+try:
+    conn = t.connect_verify(host, 1965, debug=True, secure=True) #if secure=False, we'll accept TLSA records that aren't DNSSEC signed
+except tlsa.DNSLookupError as e: #this will happen if DNSSEC doesn't exist, so we'd have to go through extra effort to accept TLSA without DNSSEC
+    print("No TLSA record. Fallling back to not checking DNSSEC or TLSA.")
+    s=socket.create_connection((host,port))
+    conn = ctx.wrap_socket(s,server_hostname=host)
+except Exception as e:
+    print("errrrrr")
+    raise e
+    sys.exit(1)
+conn.send("gemini://{}/\r\n".format(host).encode())
 buf = b""
 d = conn.recv(4)
 while d != b"":
     buf += d
     d = conn.recv(4)
-
-print(buf.decode()[1:50] + "[...]")
+    try:
+        sys.stdout.write(buf.decode())
+        buf=b""
+    except: #failed to decode. a utf-8 sequence probably was at the end and wasn't finished.
+        pass

-- Response ended

-- Page fetched on Sun Jun 2 18:35:07 2024