Weird dʒɛmɪni bug fixed


It's been a while but I bring good news for people using dʒɛmɪni to host their capsule: a weird SSL bug in dʒɛmɪni has finally been fixed. A big "thank you" to mbays (for finding the issue), gluon (for hosting it and using dʒɛmɪni) and fgaz (for fixing it in his server)!


diohsc gemini client by mbays

capsule hosted by gluon using dʒɛmɪni

gemini server by fgaz


So what was wrong? I am not really sure but the problem occurred when using a client which supports TLS 1.3 "session reuse" aka resumption, causing the second hit on a dʒɛmɪni hosted capsule to fail at the handshake. Apparently I forgot to do a move in the OpenSSL ceremonial dance, namely set the session ID.


SSL_CTX_set_session_id_context


Fortunately Racket does it for you when calling ssl-set-verify! but I didn't bother with it because I don't want verification because of TOFU. I was wrong and, have to admit, did not RTFM.


racket/openssl/ssl-set-verify!


This also seems to fix a similar issue I was having when running dʒɛmɪni on OpenBSD and using the Ariane client for Android, second hit going bad at handshake. Weird thing was: it did not occur on capsules hosted on a GNU/Linux distribution.


Ariane


Hurrah! Some order is restored in my world. Thank you to the people involved!


Cheers,

R.



--

📅 2021-03-22

🏷 dezhemini

📧 hello@rwv.io

CC BY-NC-SA 4.0
