~nhanb/mcross

f449b0d14010a7e289c1dcf7198d8e66f22742eb — Bùi Thành Nhân 11 months ago d22e08d
don't check tls cert for now

Turns out there are more self-signed sites than otherwise. Apparently
the generally accepted way for gemini is trust-on-first-use. Before I
can implement that properly I'll just turn off cert validation
completely.
1 files changed, 8 insertions(+), 1 deletions(-)

M src/mcross/transport.py
M src/mcross/transport.py => src/mcross/transport.py +8 -1
@@ 1,4 1,5 @@
import re
import ssl
from urllib.parse import urlparse

import curio


@@ 100,9 101,15 @@ class GeminiUrl:


async def raw_get(url: GeminiUrl):
    # TODO: actually implement TOFU for TLS!
    # Right now it just accepts whatever
    context = ssl.create_default_context()
    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE
    sock = await curio.open_connection(
        url.host, url.port, ssl=True, server_hostname=url.host
        url.host, url.port, ssl=context, server_hostname=url.host
    )

    async with sock:
        await sock.sendall(f"gemini://{url.host}{url.path}\r\n".encode())
        header = (await sock.recv(MAX_RESP_HEADER_BYTES)).decode()