#8 archive command triggers offpunk crash 2 months ago

on ~lioploum/offpunk

~lioploum, on 2023-03-08:

Just released 1.9.1 to fix that properly.

Thanks, I uploaded that version to Debian unstable this evening.

Have a nice day :)

#3 Set up redirects if you choose to move to another domain/provider 2 months ago

Comment by ~lioploum on ~sircmpwn/pages.sr.ht

Would it allows to redirect a domain to another? Like redirecting www.mydomain.com to mydomain.com, avoiding the need to upload the site twice. (In my case, 6 times because 3 domains point to my website)

#20 Incremental upload 2 months ago

Comment by ~lioploum on ~sircmpwn/pages.sr.ht

Also interested by this. Always a bit sad to see a whole virtual machine being fired up and uploading hundred of Mo because I wanted to fix a typo in an old blog post.

#8 archive command triggers offpunk crash 2 months ago

Comment by ~lioploum on ~lioploum/offpunk

Damn, I missed that one. Fixed plenty of those and thought it was fixed.

Just released 1.9.1 to fix that properly.

#9 manual page for offpunk(1) 2 months ago

Comment by ~lioploum on ~lioploum/offpunk

manpage was added in the mdoc format in man/offpunk.1

REPORTED RESOLVED CLOSED

#11 Some gemini capsules sometimes fail with strange error 2 months ago

Comment by ~lioploum on ~lioploum/offpunk

REPORTED RESOLVED FIXED

#11 Some gemini capsules sometimes fail with strange error 2 months ago

Comment by ~lioploum on ~lioploum/offpunk

For the record, I’ve found the culprit.

The problem is that, when browsing Gemini, offpunk is using custom certificate code written by solderpunk for AV-98. This code calls directly a private function in the standard SSL library:

ssl._dnsname_match(dn,hostname)

This function expects two strings and will raise a CertificateError if the hostname doesn’t match the DN rules (including "*" rules).

In some very rare case, the dn exctracted from a certificate is an ip adress. What I still don’t understand is that, from the same certificate, the code sometime extracts an IP address, sometimes a DN.

But when it’s an IP address, this IP is not considered a string but an IPv4/6 object. Which cannot be manipulated as a string.

The quick and ugly fix to this is to cast the DN object as a string.

Of course, the real problem would be to understand what is happening in that naughty code and why there’s a need to call a private function.

#11 Some gemini capsules sometimes fail with strange error 2 months ago

Comment by ~lioploum on ~lioploum/offpunk

Traceback (most recent call last):

File "/home/ploum/dev/offpunk/offpunk.py", line 2121, in _go_to_gi

gi = self._fetch_over_network(gi)

File "/home/ploum/dev/offpunk/offpunk.py", line 2424, in _fetch_over_network

address, f = self._send_request(gi)

File "/home/ploum/dev/offpunk/offpunk.py", line 2603, in _send_request

self._validate_cert(address[4][0], host, cert)

File "/home/ploum/dev/offpunk/offpunk.py", line 2715, in _validate_cert

ssl._dnsname_match(name, host)

File "/usr/lib/python3.10/ssl.py", line 289, in _dnsname_match

wildcards = dn.count('*')

AttributeError: 'IPv4Address' object has no attribute 'count'

#11 Some gemini capsules sometimes fail with strange error 2 months ago

Comment by ~lioploum on ~lioploum/offpunk

gemini://thrig.me/blog/2023/03/04/xkcd-colon-slash-slash.gmi might cause the bug sometimes

#11 Some gemini capsules sometimes fail with strange error 2 months ago

Comment by ~lioploum on ~lioploum/offpunk

After investigation, this is definitely not the fix_ipv6_url function. The bug happen even when bypassing this function.

Strangely, I’ve not been able to reproduce the bug with HAS_CRYPTOGRAPHY = False.

This only happens with gemini URL.