Follow

Moonlander dev update:

I made TOFU work! But security is still nonexistent! Why?

rustls's default `ServerClientVerifier::verify_tls12_signature` (and tls13) implementations break with some Gemini servers (I think because of the lack of SAN?), and I have absolutely no idea how to implement them manually, so they are essentially just "return true"-ing at the moment.

Any TLS wizards who think they might be able to give a hand with this, please let me know!

git.sr.ht/~admicos/moonlander/

· · Web · 1 · 2 · 1

Is verifying these even necessary for CA-less TLS? I am trying to look stuff up but documentation about this seems to be rare.

I am going to just assume that only "makes sense" with CAs because all of the (limited) documentation I have found expect a CA.

If I am correct (which I very well might not be) then those functions can stay "blank" like they are now and still be (probably) secure.

Anyways, have a screenshot

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!