Moonlander dev update:
I made TOFU work! But security is still nonexistent! Why?
rustls's default `ServerClientVerifier::verify_tls12_signature` (and tls13) implementations break with some Gemini servers (I think because of the lack of SAN?), and I have absolutely no idea how to implement them manually, so they are essentially just "return true"-ing at the moment.
Any TLS wizards who think they might be able to give a hand with this, please let me know!
https://git.sr.ht/~admicos/moonlander/tree/main/item/proto-gemini/src/verifier/mod.rs#L56
I am going to just assume that only "makes sense" with CAs because all of the (limited) documentation I have found expect a CA.
If I am correct (which I very well might not be) then those functions can stay "blank" like they are now and still be (probably) secure.
Anyways, have a screenshot
Server run by the main developers of the project 
It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!
Is verifying these even necessary for CA-less TLS? I am trying to look stuff up but documentation about this seems to be rare.