# tlswrap

inspired by: http://www.rickk.com/sslwrap/

## what this program does

tlswrap will load a cert and key from its arguments.
attach the part of openssl that speaks TLS to stdin and stdout (using: `SSL_set_rfd(0); SSL_set_wfd(1);` )
accept a single connection
sets a bunch of handy environment variables for the subprocess.
fork a subprocess off.
then it waits to read data from either the SSL or the subprocess.
when it reads data from the TLS on stdin, it writes it to the subprocess.
when it reads data from the subprocess, it writes it to TLS on stdout.

that's pretty much it.

I use it so I can have inetd handle the port binding and my inetd-compatible httpd can handle the http

it kind of has a long line, I guess if you don't want long lines in your inetd you could put it into a script and pretend it is a config file.

so instead of:

```
443 stream tcp nowait root /usr/local/bin/tlswrap tlswrap --verify-mode 0 /etc/ssl/https.crt /etc/ssl/keys/https.key /usr/libexec/httpd
```

```
443 stream tcp nowait root /etc/tlswrap/thebackupbox.net
```

where /etc/tlswrap/thebackupbox.net contains just:

```
#!/usr/bin/env bash
exec tlswrap --verify-mode 0 /etc/ssl/https.crt /etc/ssl/keys/https.key /usr/libexec/httpd
```

## dependencies

on debian: apt-get install openssl-dev

other distros: ??? probably something close. whatever gets you -lssl and the proper headers.

you can use wolfssl probably. I haven't tested. let me know if you do.

## to build:

make

## to install:

make install

## to configure certs per SNI

create a directory to match against the servername.

/etc/tlswrap/thebackupbox.net

or, if you have a wildcard cert

/etc/tlswrap/*.thebackupbox.net

inside of this dir create two files named "cert" and "key"

if the SNI fails to find a subdir, it falls back to what was specified on the command line.
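The per-SNI lookup described above turns a client-supplied name into a filesystem path, so the name needs validating before it is joined to the base directory. The following is an added example, not tlswrap's own code: the function names, the exact-then-wildcard matching order and the strict hostname character set are assumptions made for illustration.

```c
/* Added example (not tlswrap's code): SNI name -> dir under e.g. /etc/tlswrap */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* SNI arrives before any authentication, so treat it as untrusted: allow only
 * letters, digits, '-' and single dots. This rejects '/', "..", '*' and "". */
int sni_is_safe(const char *name) {
    size_t n = strlen(name);
    if (n == 0 || n > 253 || name[0] == '.' || name[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.' && (name[i + 1] == '.' || name[i + 1] == '\0')) return 0;
        if (c != '.' && c != '-' && !isalnum(c)) return 0;
    }
    return 1;
}

/* "git.example.net" -> "*.example.net"; returns 0 if there is no dot. */
int sni_wildcard(const char *name, char *out, size_t len) {
    const char *dot = strchr(name, '.');
    if (!dot) return 0;
    int n = snprintf(out, len, "*%s", dot);
    return n > 0 && (size_t)n < len;
}

/* 1 if base/entry holds readable "cert" and "key" files; fills dir. */
static int try_dir(const char *base, const char *entry, char *dir, size_t len) {
    char f[1024];
    if ((size_t)snprintf(dir, len, "%s/%s", base, entry) >= len) return 0;
    if ((size_t)snprintf(f, sizeof f, "%s/cert", dir) >= sizeof f || access(f, R_OK)) return 0;
    if ((size_t)snprintf(f, sizeof f, "%s/key", dir) >= sizeof f || access(f, R_OK)) return 0;
    return 1;
}

/* Returns 1 with dir filled, or 0 meaning "use the command-line cert/key". */
int sni_resolve(const char *base, const char *name, char *dir, size_t len) {
    char wild[256];
    if (!name || !sni_is_safe(name)) return 0;
    if (try_dir(base, name, dir, len)) return 1;
    return sni_wildcard(name, wild, sizeof wild) && try_dir(base, wild, dir, len);
}

int main(int argc, char **argv) {
    char dir[512];
    if (argc != 3) return 2;
    puts(sni_resolve(argv[1], argv[2], dir, sizeof dir) ? dir : "fallback");
    return 0;
}
```

Run as `./a.out /etc/tlswrap git.thebackupbox.net`; it prints the matching directory, or `fallback` when the name is rejected or no directory with both files exists.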
-- Page fetched on Tue May 7 20:03:29 2024