board games, dance, wearable computing, vr, buddhism
when I query a local gmniserv server with gemini client diohsc version 0.1.6.1, in the browser I get: ! HandshakeFailed Error_EOF when quering a second document after a first successful load of index.gmi gmniserv shows:
127.0.0.1 anamnesis.org / 38ms 228 20 text/gemini
127.0.0.1 SSL accept error: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized
Other gemini clients work fine.
Search results for this error pointed to a TLS 1.3 incompatibility somewhere, either in diohsc or gmniserv. As there was a similar issue with another gemini server (dezhemini) i suspect it is gmnisrv perhaps in combination with my linux distribution (pop_os 21.04) with OpenSSL 1.1.1j 16 Feb 2021. I could not reproduce this issue when browsing with diohsc to my gemini://fsiefken.srht.site - where I assume gmniserv is running as well.
And it's solution as rwv relates it:
"the problem occurred when using a client which supports TLS 1.3 "session reuse" aka resumption, causing the second hit on a dʒɛmɪni hosted capsule to fail at the handshake. Apparently I forgot to do a move in the OpenSSL ceremonial dance, namely set the session ID.
Fortunately racket does it for you when calling ssl-set-verify! but I didn't bother with it because I don't want verification because of TOFU. I was wrong and, have to admit, did not RTFM.
racket/openssl/ssl-set-verify! This also seems to fix a similar issue I was having when running dʒɛmɪni on OpenBSD and using the Ariane client for Android, second hit going bad at handshake. Weird thing was: it did not occur on capsules hosted on a GNU/Linux distribution."
With another gemini server - gemserv (rust) - diohsc works ok.
Does gmniserv set the Session ID correctly?
mbed, it's small, maintained, in use by the dutch gov and it has an interesting background