go-gemini/README.md

# go-gemini

[![GoDoc](https://godoc.org/git.sr.ht/~adnano/go-gemini?status.svg)](https://godoc.org/git.sr.ht/~adnano/go-gemini)

`go-gemini` implements the [Gemini protocol](https://gemini.circumlunar.space)
in Go.

It aims to provide an API similar to that of `net/http` to make it easy to
develop Gemini clients and servers.

## Examples

See `examples/client` and `examples/server` for an example client and server.

To run the examples:

	go run -tags=example ./examples/server

## Overview

A quick overview of the Gemini protocol:

1. Client opens connection
2. Server accepts connection
3. Client and server complete a TLS handshake
4. Client validates server certificate
5. Client sends request
6. Server sends response header
7. Server sends response body (only for successful responses)
8. Server closes connection
9. Client handles response

The way this is implemented in this package is like so:

1. Client makes a request with `NewRequest`. The client then sends the request
	with `(*Client).Send(*Request) (*Response, error)`. The client then determines whether
	to trust the certificate (see [TOFU](#tofu)).
2. Server recieves the request and constructs a response.
	The server calls the `Serve(*ResponseWriter, *Request)` method on the
	`Handler` field. The handler writes the response. The server then closes
	the connection.
3. Client recieves the response as a `*Response`. The client then handles the
	response.

## TOFU

`go-gemini` makes it easy to implement Trust On First Use in your clients.

The default client loads known hosts from `$XDG_DATA_HOME/gemini/known_hosts`.
If that is all you need, you can simply use the top-level `Send` function:

```go
// Send uses the default client, which will load the default list of known hosts.
req := gemini.NewRequest("gemini://example.com")
gemini.Send(req)
```

Clients can also load their own list of known hosts:

```go
client := &Client{}
if err := client.KnownHosts.LoadFrom("path/to/my/known_hosts"); err != nil {
	log.Fatal(err)
}
```

Clients can then specify how to trust certificates in the `TrustCertificate`
field:

```go
client.TrustCertificate = func(hostname string, cert *x509.Certificate, knownHosts *gemini.KnownHosts) error {
	// If the certificate is in the known hosts list, allow the connection
	return knownHosts.Lookup(hostname, cert)
}
```

Advanced clients can prompt the user for what to do when encountering an unknown certificate:

```go
client.TrustCertificate = func(hostname string, cert *x509.Certificate, knownHosts *gemini.KnownHosts) error {
	err := knownHosts.Lookup(cert)
	if err != nil {
		switch err {
		case gemini.ErrCertificateNotTrusted:
			// Alert the user that the certificate is not trusted
			fmt.Printf("Warning: certificate for %s is not trusted!\n", hostname)
			fmt.Println("This could indicate a Man-in-the-Middle attack.")
		case gemini.ErrCertificateUnknown:
			// Prompt the user to trust the certificate
			if userTrustsCertificateTemporarily() {
				// Temporarily trust the certificate
				return nil
			} else if userTrustsCertificatePermanently() {
				// Add the certificate to the known hosts file
				knownHosts.Add(cert)
				return nil
			}
		}
	}
	return err
}
```

See `examples/client` for an example client.
Initial commit 2020-09-21 19:48:42 +00:00			`# go-gemini`

Add link to documentation in README.md 2020-09-21 22:28:34 +00:00			`[![GoDoc](https://godoc.org/git.sr.ht/~adnano/go-gemini?status.svg)](https://godoc.org/git.sr.ht/~adnano/go-gemini)`

Add package declaration comment 2020-09-22 02:09:50 +00:00			`go-gemini` implements the [Gemini protocol](https://gemini.circumlunar.space)
			`in Go.`
Initial commit 2020-09-21 19:48:42 +00:00
Add examples 2020-09-21 21:23:51 +00:00			It aims to provide an API similar to that of `net/http` to make it easy to
			`develop Gemini clients and servers.`
Initial commit 2020-09-21 19:48:42 +00:00
Add examples 2020-09-21 21:23:51 +00:00			`## Examples`
Initial commit 2020-09-21 19:48:42 +00:00
Add examples 2020-09-21 21:23:51 +00:00			See `examples/client` and `examples/server` for an example client and server.
Initial commit 2020-09-21 19:48:42 +00:00
Add examples 2020-09-21 21:23:51 +00:00			`To run the examples:`
Initial commit 2020-09-21 19:48:42 +00:00
Rename example directory to examples 2020-09-21 22:25:31 +00:00			`go run -tags=example ./examples/server`
Update README.md 2020-09-25 00:13:59 +00:00
			`## Overview`

			`A quick overview of the Gemini protocol:`

			`1. Client opens connection`
			`2. Server accepts connection`
			`3. Client and server complete a TLS handshake`
			`4. Client validates server certificate`
			`5. Client sends request`
			`6. Server sends response header`
			`7. Server sends response body (only for successful responses)`
			`8. Server closes connection`
			`9. Client handles response`

			`The way this is implemented in this package is like so:`

Remove TLSConfig fields 2020-09-25 22:53:20 +00:00			1. Client makes a request with `NewRequest`. The client then sends the request
Refactor TOFU 2020-09-26 03:06:54 +00:00			with `(Client).Send(Request) (*Response, error)`. The client then determines whether
Update documentation 2020-09-27 20:21:56 +00:00			`to trust the certificate (see [TOFU](#tofu)).`
Update README.md 2020-09-25 00:13:59 +00:00			`2. Server recieves the request and constructs a response.`
			The server calls the `Serve(ResponseWriter, Request)` method on the
			`Handler` field. The handler writes the response. The server then closes
			`the connection.`
Implement configurable Client 2020-09-25 23:53:50 +00:00			3. Client recieves the response as a `*Response`. The client then handles the
			`response.`
Refactor TOFU 2020-09-26 03:06:54 +00:00
			`## TOFU`

Update README.md 2020-09-26 17:59:24 +00:00			`go-gemini` makes it easy to implement Trust On First Use in your clients.

Update documentation 2020-09-27 20:21:56 +00:00			The default client loads known hosts from `$XDG_DATA_HOME/gemini/known_hosts`.
			If that is all you need, you can simply use the top-level `Send` function:

			```go
Fix README.md 2020-09-27 20:31:41 +00:00			`// Send uses the default client, which will load the default list of known hosts.`
Update documentation 2020-09-27 20:21:56 +00:00			`req := gemini.NewRequest("gemini://example.com")`
			`gemini.Send(req)`
			```

			`Clients can also load their own list of known hosts:`
Refactor TOFU 2020-09-26 03:06:54 +00:00
			```go
Update README.md 2020-09-26 17:59:24 +00:00			`client := &Client{}`
Update documentation 2020-09-27 20:21:56 +00:00			`if err := client.KnownHosts.LoadFrom("path/to/my/known_hosts"); err != nil {`
Update README.md 2020-09-26 17:59:24 +00:00			`log.Fatal(err)`
Refactor TOFU 2020-09-26 03:06:54 +00:00			`}`
			```
Differentiate between unknown and untrusted certificates 2020-09-26 17:27:03 +00:00
Update README.md 2020-09-26 17:59:24 +00:00			Clients can then specify how to trust certificates in the `TrustCertificate`
			`field:`

			```go
Update documentation 2020-09-27 20:21:56 +00:00			`client.TrustCertificate = func(hostname string, cert x509.Certificate, knownHosts gemini.KnownHosts) error {`
Update README.md 2020-09-26 17:59:24 +00:00			`// If the certificate is in the known hosts list, allow the connection`
Update documentation 2020-09-27 20:21:56 +00:00			`return knownHosts.Lookup(hostname, cert)`
Update README.md 2020-09-26 17:59:24 +00:00			`}`
			```

			`Advanced clients can prompt the user for what to do when encountering an unknown certificate:`

Differentiate between unknown and untrusted certificates 2020-09-26 17:27:03 +00:00			```go
Update documentation 2020-09-27 20:21:56 +00:00			`client.TrustCertificate = func(hostname string, cert x509.Certificate, knownHosts gemini.KnownHosts) error {`
Update README.md 2020-09-26 18:34:15 +00:00			`err := knownHosts.Lookup(cert)`
			`if err != nil {`
			`switch err {`
			`case gemini.ErrCertificateNotTrusted:`
			`// Alert the user that the certificate is not trusted`
Update documentation 2020-09-27 20:21:56 +00:00			`fmt.Printf("Warning: certificate for %s is not trusted!\n", hostname)`
			`fmt.Println("This could indicate a Man-in-the-Middle attack.")`
Update README.md 2020-09-26 18:34:15 +00:00			`case gemini.ErrCertificateUnknown:`
			`// Prompt the user to trust the certificate`
			`if userTrustsCertificateTemporarily() {`
			`// Temporarily trust the certificate`
			`return nil`
Implement certificate creation 2020-09-27 17:50:48 +00:00			`} else if userTrustsCertificatePermanently() {`
Update README.md 2020-09-26 18:34:15 +00:00			`// Add the certificate to the known hosts file`
			`knownHosts.Add(cert)`
			`return nil`
Differentiate between unknown and untrusted certificates 2020-09-26 17:27:03 +00:00			`}`
			`}`
Update README.md 2020-09-26 18:34:15 +00:00			`}`
			`return err`
Differentiate between unknown and untrusted certificates 2020-09-26 17:27:03 +00:00			`}`
			```
Update documentation 2020-09-27 20:21:56 +00:00
			See `examples/client` for an example client.