Add link to ogirinal in readme

Export TLS & remove conn in request struct
This makes it possible to fully create another request outside of this module (which Hnakra will need) and has better parity with net/http.
2023-05-26 00:45:08 -04:00 · 2023-05-26 00:38:12 -04:00 · 2023-05-26 00:37:56 -04:00 · 2023-05-25 18:45:53 -04:00 · 2023-05-25 18:27:52 -04:00 · 2022-05-07 13:54:56 -04:00
30 changed files with 1049 additions and 1219 deletions
--- a/64
+++ b/64
@@ -1,51 +1,19 @@
-go-gemini is available under the terms of the MIT license:
+Copyright (c) 2020 Adnan Maolood
-	Copyright (c) 2020 Adnan Maolood
+Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
-	Permission is hereby granted, free of charge, to any person obtaining a copy
+The above copyright notice and this permission notice shall be included in all
-	of this software and associated documentation files (the "Software"), to deal
+copies or substantial portions of the Software.
 	in the Software without restriction, including without limitation the rights
 	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 	copies of the Software, and to permit persons to whom the Software is
 	furnished to do so, subject to the following conditions:
-	The above copyright notice and this permission notice shall be included in all
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-	copies or substantial portions of the Software.
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-	AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+SOFTWARE.
 	LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 	OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 	SOFTWARE.
 Portions of this program were taken from Go:
 	Copyright (c) 2009 The Go Authors. All rights reserved.
 	Redistribution and use in source and binary forms, with or without
 	modification, are permitted provided that the following conditions are
 	met:
 	   * Redistributions of source code must retain the above copyright
 	notice, this list of conditions and the following disclaimer.
 	   * Redistributions in binary form must reproduce the above
 	copyright notice, this list of conditions and the following disclaimer
 	in the documentation and/or other materials provided with the
 	distribution.
 	   * Neither the name of Google Inc. nor the names of its
 	contributors may be used to endorse or promote products derived from
 	this software without specific prior written permission.
 	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 	LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 	A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 	OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 	LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 	THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 	(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 	OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/27
+++ b/27
@@ -0,0 +1,27 @@
 Copyright (c) 2009 The Go Authors. All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
   * Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
   * Redistributions in binary form must reproduce the above
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
   * Neither the name of Google Inc. nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/README.md
+++ b/README.md
@@ -1,16 +1,21 @@
 # go-gemini
-[![godocs.io](https://godocs.io/git.sr.ht/~adnano/go-gemini?status.svg)](https://godocs.io/git.sr.ht/~adnano/go-gemini) [![builds.sr.ht status](https://builds.sr.ht/~adnano/go-gemini.svg)](https://builds.sr.ht/~adnano/go-gemini?)
+This repository is a fork of [go-gemini](https://godocs.io/git.sr.ht/~adnano/go-gemini)
 implementing better parity with net/http and some tweaks required for use in
 [Hnakra](https://git.tebibyte.media/sashakoshka/hnakra).
-Package gemini implements the [Gemini protocol](https://gemini.circumlunar.space) in Go.
+Package gemini implements the [Gemini protocol](https://gemini.circumlunar.space)
 in Go. It provides an API similar to that of net/http to facilitate the
 development of Gemini clients and servers.
-It provides an API similar to that of net/http to make it easy to develop Gemini clients and servers.
+Compatible with version v0.16.0 of the Gemini specification.
 Compatible with version v0.14.3 of the Gemini specification.
 ## Usage
-	import "git.sr.ht/~adnano/go-gemini"
+	import "git.tebibyte.media/sashakoshka/go-gemini"
 Note that some filesystem-related functionality is only available on Go 1.16
 or later as it relies on the io/fs package.
 ## Examples
@@ -19,8 +24,8 @@ To run an example:
 	go run examples/server.go
-## Contributing
+## License
-Send patches and questions to [~adnano/go-gemini-devel](https://lists.sr.ht/~adnano/go-gemini-devel).
+go-gemini is licensed under the terms of the MIT license (see LICENSE).
-
+Portions of this library were adapted from Go and are governed by a BSD-style
-Subscribe to release announcements on [~adnano/go-gemini-announce](https://lists.sr.ht/~adnano/go-gemini-announce).
+license (see LICENSE-GO). Those files are marked accordingly.
--- a/certificate/store.go
+++ b/certificate/store.go
@@ -6,53 +6,55 @@ import (
 	"crypto/x509/pkix"
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
 	"time"
 )
-// A Store represents a certificate store.
+// A Store represents a TLS certificate store.
 // It generates certificates as needed and automatically rotates expired certificates.
 // The zero value for Store is an empty store ready to use.
 //
-// Certificate scopes must be registered with Register before calling Get or Load.
+// Store can be used to store server certificates.
-// This prevents the Store from creating or loading unnecessary certificates.
+// Servers should provide a hostname or wildcard pattern as a certificate scope.
 // Servers will most likely use the methods Register, Load and Get.
 //
 // Store can also be used to store client certificates.
 // Clients should provide a hostname as a certificate scope.
 // Clients will most likely use the methods Add, Load, and Lookup.
 //
 // Store is safe for concurrent use by multiple goroutines.
 type Store struct {
-	// CreateCertificate, if not nil, is called to create a new certificate
+	// CreateCertificate, if not nil, is called by Get to create a new
-	// to replace a missing or expired certificate. If CreateCertificate
+	// certificate to replace a missing or expired certificate.
 	// is nil, a certificate with a duration of 1 year will be created.
 	// The provided scope is suitable for use in a certificate's DNSNames.
 	CreateCertificate func(scope string) (tls.Certificate, error)
-	certs map[string]tls.Certificate
+	scopes map[string]struct{}
-	path  string
+	certs  map[string]tls.Certificate
-	mu    sync.RWMutex
+	path   string
 	mu     sync.RWMutex
 }
 // Register registers the provided scope with the certificate store.
 // The scope can either be a hostname or a wildcard pattern (e.g. "*.example.com").
 // To accept all hostnames, use the special pattern "*".
 //
 // Calls to Get will only succeed for registered scopes.
 // Other methods are not affected.
 func (s *Store) Register(scope string) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
-	if s.certs == nil {
+	if s.scopes == nil {
-		s.certs = make(map[string]tls.Certificate)
+		s.scopes = make(map[string]struct{})
 	}
-	s.certs[scope] = tls.Certificate{}
+	s.scopes[scope] = struct{}{}
 }
-// Add adds a certificate with the given scope to the certificate store.
+// Add registers the certificate for the given scope.
-// If a certificate for the given scope already exists, Add will overwrite it.
+// If a certificate already exists for scope, Add will overwrite it.
 func (s *Store) Add(scope string, cert tls.Certificate) error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	if s.certs == nil {
 		s.certs = make(map[string]tls.Certificate)
 	}
 	// Parse certificate if not already parsed
 	if cert.Leaf == nil {
 		parsed, err := x509.ParseCertificate(cert.Certificate[0])
@@ -62,6 +64,22 @@ func (s *Store) Add(scope string, cert tls.Certificate) error {
 		cert.Leaf = parsed
 	}
 	if err := s.write(scope, cert); err != nil {
 		return err
 	}
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	if s.certs == nil {
 		s.certs = make(map[string]tls.Certificate)
 	}
 	s.certs[scope] = cert
 	return nil
 }
 func (s *Store) write(scope string, cert tls.Certificate) error {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	if s.path != "" {
 		certPath := filepath.Join(s.path, scope+".crt")
 		keyPath := filepath.Join(s.path, scope+".key")
@@ -69,35 +87,37 @@ func (s *Store) Add(scope string, cert tls.Certificate) error {
 			return err
 		}
 	}
 	s.certs[scope] = cert
 	return nil
 }
 // Get retrieves a certificate for the given hostname.
 // If no matching scope has been registered, Get returns an error.
 // Get generates new certificates as needed and rotates expired certificates.
 // It calls CreateCertificate to create a new certificate if it is not nil,
 // otherwise it creates certificates with a duration of 100 years.
 //
 // Get is suitable for use in a gemini.Server's GetCertificate field.
 func (s *Store) Get(hostname string) (*tls.Certificate, error) {
 	s.mu.RLock()
-	defer s.mu.RUnlock()
+	_, ok := s.scopes[hostname]
 	cert, ok := s.certs[hostname]
 	if !ok {
 		// Try wildcard
 		wildcard := strings.SplitN(hostname, ".", 2)
 		if len(wildcard) == 2 {
 			hostname = "*." + wildcard[1]
-			cert, ok = s.certs[hostname]
+			_, ok = s.scopes[hostname]
 		}
 	}
 	if !ok {
 		// Try "*"
-		cert, ok = s.certs["*"]
+		_, ok = s.scopes["*"]
 	}
 	if !ok {
 		s.mu.RUnlock()
 		return nil, errors.New("unrecognized scope")
 	}
 	cert := s.certs[hostname]
 	s.mu.RUnlock()
 	// If the certificate is empty or expired, generate a new one.
 	if cert.Leaf == nil || cert.Leaf.NotAfter.Before(time.Now()) {
@@ -114,6 +134,14 @@ func (s *Store) Get(hostname string) (*tls.Certificate, error) {
 	return &cert, nil
 }
 // Lookup returns the certificate for the provided scope.
 func (s *Store) Lookup(scope string) (tls.Certificate, bool) {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
 	cert, ok := s.certs[scope]
 	return cert, ok
 }
 func (s *Store) createCertificate(scope string) (tls.Certificate, error) {
 	if s.CreateCertificate != nil {
 		return s.CreateCertificate(scope)
@@ -123,7 +151,7 @@ func (s *Store) createCertificate(scope string) (tls.Certificate, error) {
 		Subject: pkix.Name{
 			CommonName: scope,
 		},
-		Duration: 365 * 24 * time.Hour,
+		Duration: 100 * 365 * 24 * time.Hour,
 	})
 }
@@ -132,26 +160,31 @@ func (s *Store) createCertificate(scope string) (tls.Certificate, error) {
 // The path should lead to a directory containing certificates
 // and private keys named "scope.crt" and "scope.key" respectively,
 // where "scope" is the scope of the certificate.
 // Certificates with scopes that have not been registered will be ignored.
 func (s *Store) Load(path string) error {
 	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
 		return err
 	}
 	path = filepath.Clean(path)
 	matches, err := filepath.Glob(filepath.Join(path, "*.crt"))
 	if err != nil {
 		return err
 	}
 	for _, crtPath := range matches {
 		scope := strings.TrimSuffix(filepath.Base(crtPath), ".crt")
 		if _, ok := s.certs[scope]; !ok {
 			continue
 		}
 		keyPath := strings.TrimSuffix(crtPath, ".crt") + ".key"
 		cert, err := tls.LoadX509KeyPair(crtPath, keyPath)
 		if err != nil {
 			continue
 		}
 		scope := strings.TrimPrefix(crtPath, path)
 		scope = strings.TrimPrefix(scope, "/")
 		scope = strings.TrimSuffix(scope, ".crt")
 		s.Add(scope, cert)
 	}
-	s.SetPath(path)
+	s.mu.Lock()
 	defer s.mu.Unlock()
 	s.path = path
 	return nil
 }
@@ -170,5 +203,5 @@ func (s *Store) Entries() map[string]tls.Certificate {
 func (s *Store) SetPath(path string) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
-	s.path = path
+	s.path = filepath.Clean(path)
 }
--- a/client.go
+++ b/client.go
@@ -6,7 +6,6 @@ import (
 	"crypto/x509"
 	"net"
 	"net/url"
 	"time"
 	"unicode/utf8"
 	"golang.org/x/net/idna"
@@ -14,10 +13,10 @@ import (
 // A Client is a Gemini client. Its zero value is a usable client.
 type Client struct {
-	// TrustCertificate is called to determine whether the client
+	// TrustCertificate is called to determine whether the client should
-	// should trust the certificate provided by the server.
+	// trust the certificate provided by the server.
-	// If TrustCertificate is nil, the client will accept any certificate.
+	// If TrustCertificate is nil or returns nil, the client will accept
-	// If the returned error is not nil, the certificate will not be trusted
+	// any certificate. Otherwise, the certificate will not be trusted
 	// and the request will be aborted.
 	//
 	// See the tofu submodule for an implementation of trust on first use.
@@ -29,14 +28,14 @@ type Client struct {
 }
 // Get sends a Gemini request for the given URL.
-// If the provided context is canceled or times out, the request
+// The context controls the entire lifetime of a request and its response:
-// will be aborted and the context's error will be returned.
+// obtaining a connection, sending the request, and reading the response
 // header and body.
 //
 // An error is returned if there was a Gemini protocol error.
 // A non-2x status code doesn't cause an error.
 //
-// If the returned error is nil, the Response will contain a non-nil Body
+// If the returned error is nil, the user is expected to close the Response.
 // which the user is expected to close.
 //
 // For more control over requests, use NewRequest and Client.Do.
 func (c *Client) Get(ctx context.Context, url string) (*Response, error) {
@@ -48,16 +47,14 @@ func (c *Client) Get(ctx context.Context, url string) (*Response, error) {
 }
 // Do sends a Gemini request and returns a Gemini response.
-// If the provided context is canceled or times out, the request
+// The context controls the entire lifetime of a request and its response:
-// will be aborted and the context's error will be returned.
+// obtaining a connection, sending the request, and reading the response
 // header and body.
 //
 // An error is returned if there was a Gemini protocol error.
 // A non-2x status code doesn't cause an error.
 //
-// If the returned error is nil, the Response will contain a non-nil Body
+// If the returned error is nil, the user is expected to close the Response.
 // which the user is expected to close.
 //
 // Generally Get will be used instead of Do.
 func (c *Client) Do(ctx context.Context, req *Request) (*Response, error) {
 	if ctx == nil {
 		panic("nil context")
@@ -79,9 +76,10 @@ func (c *Client) Do(ctx context.Context, req *Request) (*Response, error) {
 		// Use the new URL in the request so that the server gets
 		// the punycoded hostname
-		req = &Request{
+		r := new(Request)
-			URL: u,
+		*r = *req
-		}
+		r.URL = u
 		req = r
 	}
 	// Use request host if provided
@@ -124,7 +122,7 @@ func (c *Client) Do(ctx context.Context, req *Request) (*Response, error) {
 	res := make(chan result, 1)
 	go func() {
-		resp, err := c.do(conn, req)
+		resp, err := c.do(ctx, conn, req)
 		res <- result{resp, err}
 	}()
@@ -133,27 +131,40 @@ func (c *Client) Do(ctx context.Context, req *Request) (*Response, error) {
 		conn.Close()
 		return nil, ctx.Err()
 	case r := <-res:
 		if r.err != nil {
 			conn.Close()
 		}
 		return r.resp, r.err
 	}
 }
-func (c *Client) do(conn net.Conn, req *Request) (*Response, error) {
+func (c *Client) do(ctx context.Context, conn net.Conn, req *Request) (*Response, error) {
 	ctx, cancel := context.WithCancel(ctx)
 	done := ctx.Done()
 	w := &contextWriter{
 		ctx:    ctx,
 		done:   done,
 		cancel: cancel,
 		wc:     conn,
 	}
 	rc := &contextReader{
 		ctx:    ctx,
 		done:   done,
 		cancel: cancel,
 		rc:     conn,
 	}
 	// Write the request
-	if err := req.Write(conn); err != nil {
+	if _, err := req.WriteTo(w); err != nil {
 		return nil, err
 	}
 	// Read the response
-	resp, err := ReadResponse(conn)
+	resp, err := ReadResponse(rc)
 	if err != nil {
 		return nil, err
 	}
-
+	resp.conn = conn
 	// Store TLS connection state
 	if tlsConn, ok := conn.(*tls.Conn); ok {
 		state := tlsConn.ConnectionState()
 		resp.TLS = &state
 	}
 	return resp, nil
 }
@@ -166,17 +177,9 @@ func (c *Client) dialContext(ctx context.Context, network, addr string) (net.Con
 }
 func (c *Client) verifyConnection(cs tls.ConnectionState, hostname string) error {
 	cert := cs.PeerCertificates[0]
 	// Verify hostname
 	if err := verifyHostname(cert, hostname); err != nil {
 		return err
 	}
 	// Check expiration date
 	if !time.Now().Before(cert.NotAfter) {
 		return ErrCertificateExpired
 	}
 	// See if the client trusts the certificate
 	if c.TrustCertificate != nil {
 		cert := cs.PeerCertificates[0]
 		return c.TrustCertificate(hostname, cert)
 	}
 	return nil
--- a/doc.go
+++ b/doc.go
@@ -4,7 +4,8 @@ Package gemini provides Gemini client and server implementations.
 Client is a Gemini client.
 	client := &gemini.Client{}
-	resp, err := client.Get("gemini://example.com")
+	ctx := context.Background()
 	resp, err := client.Get(ctx, "gemini://example.com")
 	if err != nil {
 		// handle error
 	}
@@ -21,30 +22,32 @@ Server is a Gemini server.
 Servers should be configured with certificates:
 	certificates := &certificate.Store{}
 	certificates.Register("localhost")
 	err := certificates.Load("/var/lib/gemini/certs")
 	if err != nil {
 		// handle error
 	}
-	server.GetCertificate = certificates.GetCertificate
+	server.GetCertificate = certificates.Get
-ServeMux is a Gemini request multiplexer.
+Mux is a Gemini request multiplexer.
-ServeMux can handle requests for multiple hosts and schemes.
+Mux can handle requests for multiple hosts and paths.
-	mux := &gemini.ServeMux{}
+	mux := &gemini.Mux{}
 	mux.HandleFunc("example.com", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
 		fmt.Fprint(w, "Welcome to example.com")
 	})
 	mux.HandleFunc("example.org/about.gmi", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
 		fmt.Fprint(w, "About example.org")
 	})
-	mux.HandleFunc("http://example.net", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
+	mux.HandleFunc("/images/", func(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
-		fmt.Fprint(w, "Proxied content from http://example.net")
+		w.WriteHeader(gemini.StatusGone, "Gone forever")
 	})
 	server.Handler = mux
 To start the server, call ListenAndServe:
-	err := server.ListenAndServe(context.Background())
+	ctx := context.Background()
 	err := server.ListenAndServe(ctx)
 	if err != nil {
 		// handle error
 	}
--- a/examples/auth.go
+++ b/examples/auth.go
@@ -10,8 +10,8 @@ import (
 	"log"
 	"time"
-	"git.sr.ht/~adnano/go-gemini"
+	"git.tebibyte.media/sashakoshka/go-gemini"
-	"git.sr.ht/~adnano/go-gemini/certificate"
+	"git.tebibyte.media/sashakoshka/go-gemini/certificate"
 )
 type User struct {
@@ -30,7 +30,7 @@ func main() {
 		log.Fatal(err)
 	}
-	mux := &gemini.ServeMux{}
+	mux := &gemini.Mux{}
 	mux.HandleFunc("/", profile)
 	mux.HandleFunc("/username", changeUsername)
@@ -52,11 +52,12 @@ func fingerprint(cert *x509.Certificate) string {
 }
 func profile(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
-	if len(r.TLS.PeerCertificates) == 0 {
+	tls := r.TLS
 	if len(tls.PeerCertificates) == 0 {
 		w.WriteHeader(gemini.StatusCertificateRequired, "Certificate required")
 		return
 	}
-	fingerprint := fingerprint(r.TLS.PeerCertificates[0])
+	fingerprint := fingerprint(tls.PeerCertificates[0])
 	user, ok := users[fingerprint]
 	if !ok {
 		user = &User{}
@@ -67,7 +68,8 @@ func profile(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
 }
 func changeUsername(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
-	if len(r.TLS.PeerCertificates) == 0 {
+	tls := r.TLS
 	if len(tls.PeerCertificates) == 0 {
 		w.WriteHeader(gemini.StatusCertificateRequired, "Certificate required")
 		return
 	}
@@ -77,7 +79,7 @@ func changeUsername(ctx context.Context, w gemini.ResponseWriter, r *gemini.Requ
 		w.WriteHeader(gemini.StatusInput, "Username")
 		return
 	}
-	fingerprint := fingerprint(r.TLS.PeerCertificates[0])
+	fingerprint := fingerprint(tls.PeerCertificates[0])
 	user, ok := users[fingerprint]
 	if !ok {
 		user = &User{}
--- a/examples/cert.go
+++ b/examples/cert.go
@@ -11,7 +11,7 @@ import (
 	"os"
 	"time"
-	"git.sr.ht/~adnano/go-gemini/certificate"
+	"git.tebibyte.media/sashakoshka/go-gemini/certificate"
 )
 func main() {
--- a/examples/client.go
+++ b/examples/client.go
@@ -6,7 +6,6 @@ package main
 import (
 	"bufio"
 	"bytes"
 	"context"
 	"crypto/x509"
 	"errors"
@@ -16,10 +15,9 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
 	"time"
-	"git.sr.ht/~adnano/go-gemini"
+	"git.tebibyte.media/sashakoshka/go-gemini"
-	"git.sr.ht/~adnano/go-gemini/tofu"
+	"git.tebibyte.media/sashakoshka/go-gemini/tofu"
 )
 var (
@@ -61,15 +59,14 @@ Otherwise, this should be safe to trust.
 => `
 func trustCertificate(hostname string, cert *x509.Certificate) error {
-	host := tofu.NewHost(hostname, cert.Raw, cert.NotAfter)
+	host := tofu.NewHost(hostname, cert.Raw)
 	knownHost, ok := hosts.Lookup(hostname)
-	if ok && time.Now().Before(knownHost.Expires) {
+	if ok {
 		// Check fingerprint
-		if bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
+		if knownHost.Fingerprint != host.Fingerprint {
-			return nil
+			return errors.New("error: fingerprint does not match!")
 		}
-		return errors.New("error: fingerprint does not match!")
+		return nil
 	}
 	fmt.Printf(trustPrompt, hostname, host.Fingerprint)
@@ -87,7 +84,7 @@ func trustCertificate(hostname string, cert *x509.Certificate) error {
 	}
 }
-func getInput(prompt string, sensitive bool) (input string, ok bool) {
+func getInput(prompt string) (input string, ok bool) {
 	fmt.Printf("%s ", prompt)
 	scanner.Scan()
 	return scanner.Text(), true
@@ -97,14 +94,15 @@ func do(req *gemini.Request, via []*gemini.Request) (*gemini.Response, error) {
 	client := gemini.Client{
 		TrustCertificate: trustCertificate,
 	}
-	resp, err := client.Do(context.Background(), req)
+	ctx := context.Background()
 	resp, err := client.Do(ctx, req)
 	if err != nil {
 		return resp, err
 	}
 	switch resp.Status.Class() {
 	case gemini.StatusInput:
-		input, ok := getInput(resp.Meta, resp.Status == gemini.StatusSensitiveInput)
+		input, ok := getInput(resp.Meta)
 		if !ok {
 			break
 		}
@@ -156,11 +154,10 @@ func main() {
 	// Handle response
 	if resp.Status.Class() == gemini.StatusSuccess {
-		body, err := io.ReadAll(resp.Body)
+		_, err := io.Copy(os.Stdout, resp.Body)
 		if err != nil {
 			log.Fatal(err)
 		}
 		fmt.Print(string(body))
 	} else {
 		fmt.Printf("%d %s\n", resp.Status, resp.Meta)
 		os.Exit(1)
--- a/examples/html.go
+++ b/examples/html.go
@@ -10,7 +10,7 @@ import (
 	"io"
 	"os"
-	"git.sr.ht/~adnano/go-gemini"
+	"git.tebibyte.media/sashakoshka/go-gemini"
 )
 func main() {
--- a/examples/server.go
+++ b/examples/server.go
@@ -11,8 +11,8 @@ import (
 	"os/signal"
 	"time"
-	"git.sr.ht/~adnano/go-gemini"
+	"git.tebibyte.media/sashakoshka/go-gemini"
-	"git.sr.ht/~adnano/go-gemini/certificate"
+	"git.tebibyte.media/sashakoshka/go-gemini/certificate"
 )
 func main() {
@@ -22,11 +22,11 @@ func main() {
 		log.Fatal(err)
 	}
-	mux := &gemini.ServeMux{}
+	mux := &gemini.Mux{}
 	mux.Handle("/", gemini.FileServer(os.DirFS("/var/www")))
 	server := &gemini.Server{
-		Handler:        mux,
+		Handler:        gemini.LoggingMiddleware(mux),
 		ReadTimeout:    30 * time.Second,
 		WriteTimeout:   1 * time.Minute,
 		GetCertificate: certificates.Get,
@@ -48,7 +48,8 @@ func main() {
 	case <-c:
 		// Shutdown the server
 		log.Println("Shutting down...")
-		ctx, _ := context.WithTimeout(context.Background(), 30*time.Second)
+		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 		defer cancel()
 		err := server.Shutdown(ctx)
 		if err != nil {
 			log.Fatal(err)
--- a/examples/stream.go
+++ b/examples/stream.go
@@ -10,8 +10,8 @@ import (
 	"log"
 	"time"
-	"git.sr.ht/~adnano/go-gemini"
+	"git.tebibyte.media/sashakoshka/go-gemini"
-	"git.sr.ht/~adnano/go-gemini/certificate"
+	"git.tebibyte.media/sashakoshka/go-gemini/certificate"
 )
 func main() {
@@ -21,7 +21,7 @@ func main() {
 		log.Fatal(err)
 	}
-	mux := &gemini.ServeMux{}
+	mux := &gemini.Mux{}
 	mux.HandleFunc("/", stream)
 	server := &gemini.Server{
@@ -39,33 +39,16 @@ func main() {
 // stream writes an infinite stream to w.
 func stream(ctx context.Context, w gemini.ResponseWriter, r *gemini.Request) {
 	ch := make(chan string)
 	ctx, cancel := context.WithCancel(ctx)
 	go func(ctx context.Context) {
 		for {
 			select {
 			case <-ctx.Done():
 				return
 			default:
 				ch <- fmt.Sprint(time.Now().UTC())
 			}
 			time.Sleep(time.Second)
 		}
 		// Close channel when finished.
 		// In this example this will never be reached.
 		close(ch)
 	}(ctx)
 	for {
-		s, ok := <-ch
+		select {
-		if !ok {
+		case <-ctx.Done():
-			break
+			return
 		default:
 		}
-		fmt.Fprintln(w, s)
+		fmt.Fprintln(w, time.Now().UTC())
 		if err := w.Flush(); err != nil {
 			cancel()
 			return
 		}
 		time.Sleep(time.Second)
 	}
 }
--- a/fs.go
+++ b/fs.go
@@ -1,3 +1,5 @@
 // +build go1.16
 package gemini
 import (
@@ -13,12 +15,6 @@ import (
 	"strings"
 )
 func init() {
 	// Add Gemini mime types
 	mime.AddExtensionType(".gmi", "text/gemini")
 	mime.AddExtensionType(".gemini", "text/gemini")
 }
 // FileServer returns a handler that serves Gemini requests with the contents
 // of the provided file system.
 //
@@ -33,88 +29,22 @@ type fileServer struct {
 	fs.FS
 }
-func (fs fileServer) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
+func (fsys fileServer) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
 	serveFile(w, r, fs, path.Clean(r.URL.Path), true)
 }
 // ServeContent replies to the request using the content in the
 // provided Reader. The main benefit of ServeContent over io.Copy
 // is that it sets the MIME type of the response.
 //
 // ServeContent tries to deduce the type from name's file extension.
 // The name is otherwise unused; it is never sent in the response.
 func ServeContent(w ResponseWriter, r *Request, name string, content io.Reader) {
 	serveContent(w, name, content)
 }
 func serveContent(w ResponseWriter, name string, content io.Reader) {
 	// Detect mimetype from file extension
 	ext := path.Ext(name)
 	mimetype := mime.TypeByExtension(ext)
 	w.SetMediaType(mimetype)
 	io.Copy(w, content)
 }
 // ServeFile responds to the request with the contents of the named file
 // or directory.
 //
 // If the provided file or directory name is a relative path, it is interpreted
 // relative to the current directory and may ascend to parent directories. If
 // the provided name is constructed from user input, it should be sanitized
 // before calling ServeFile.
 //
 // As a precaution, ServeFile will reject requests where r.URL.Path contains a
 // ".." path element; this protects against callers who might unsafely use
 // filepath.Join on r.URL.Path without sanitizing it and then use that
 // filepath.Join result as the name argument.
 //
 // As another special case, ServeFile redirects any request where r.URL.Path
 // ends in "/index.gmi" to the same path, without the final "index.gmi". To
 // avoid such redirects either modify the path or use ServeContent.
 //
 // Outside of those two special cases, ServeFile does not use r.URL.Path for
 // selecting the file or directory to serve; only the file or directory
 // provided in the name argument is used.
 func ServeFile(w ResponseWriter, r *Request, fsys fs.FS, name string) {
 	if containsDotDot(r.URL.Path) {
 		// Too many programs use r.URL.Path to construct the argument to
 		// serveFile. Reject the request under the assumption that happened
 		// here and ".." may not be wanted.
 		// Note that name might not contain "..", for example if code (still
 		// incorrectly) used filepath.Join(myDir, r.URL.Path).
 		w.WriteHeader(StatusBadRequest, "invalid URL path")
 		return
 	}
 	serveFile(w, r, fsys, name, false)
 }
 func containsDotDot(v string) bool {
 	if !strings.Contains(v, "..") {
 		return false
 	}
 	for _, ent := range strings.FieldsFunc(v, isSlashRune) {
 		if ent == ".." {
 			return true
 		}
 	}
 	return false
 }
 func isSlashRune(r rune) bool { return r == '/' || r == '\\' }
 func serveFile(w ResponseWriter, r *Request, fsys fs.FS, name string, redirect bool) {
 	const indexPage = "/index.gmi"
 	url := path.Clean(r.URL.Path)
 	// Redirect .../index.gmi to .../
-	if strings.HasSuffix(r.URL.Path, indexPage) {
+	if strings.HasSuffix(url, indexPage) {
-		w.WriteHeader(StatusPermanentRedirect, "./")
+		w.WriteHeader(StatusPermanentRedirect, strings.TrimSuffix(url, "index.gmi"))
 		return
 	}
 	name := url
 	if name == "/" {
 		name = "."
 	} else {
-		name = strings.Trim(name, "/")
+		name = strings.TrimPrefix(name, "/")
 	}
 	f, err := fsys.Open(name)
@@ -131,50 +61,89 @@ func serveFile(w ResponseWriter, r *Request, fsys fs.FS, name string, redirect b
 	}
 	// Redirect to canonical path
-	if redirect {
+	if len(r.URL.Path) != 0 {
 		url := r.URL.Path
 		if stat.IsDir() {
-			// Add trailing slash
+			target := url
-			if url[len(url)-1] != '/' {
+			if target != "/" {
-				w.WriteHeader(StatusPermanentRedirect, path.Base(url)+"/")
+				target += "/"
 			}
 			if len(r.URL.Path) != len(target) || r.URL.Path != target {
 				w.WriteHeader(StatusPermanentRedirect, target)
 				return
 			}
-		} else {
+		} else if r.URL.Path[len(r.URL.Path)-1] == '/' {
 			// Remove trailing slash
-			if url[len(url)-1] == '/' {
+			w.WriteHeader(StatusPermanentRedirect, url)
 				w.WriteHeader(StatusPermanentRedirect, "../"+path.Base(url))
 				return
 			}
 		}
 	}
 	if stat.IsDir() {
 		// Redirect if the directory name doesn't end in a slash
 		url := r.URL.Path
 		if url[len(url)-1] != '/' {
 			w.WriteHeader(StatusRedirect, path.Base(url)+"/")
 			return
 		}
 		// Use contents of index.gmi if present
 		index, err := fsys.Open(path.Join(name, indexPage))
 		if err == nil {
 			defer index.Close()
 			istat, err := index.Stat()
 			if err == nil {
 				f = index
 				stat = istat
 			}
 		}
 	}
 	if stat.IsDir() {
-		// Failed to find index file
+		// Use contents of index.gmi if present
-		dirList(w, f)
+		name = path.Join(name, indexPage)
 		index, err := fsys.Open(name)
 		if err == nil {
 			defer index.Close()
 			f = index
 		} else {
 			// Failed to find index file
 			dirList(w, f)
 			return
 		}
 	}
 	// Detect mimetype from file extension
 	ext := path.Ext(name)
 	mimetype := mime.TypeByExtension(ext)
 	w.SetMediaType(mimetype)
 	io.Copy(w, f)
 }
 // ServeFile responds to the request with the contents of the named file
 // or directory. If the provided name is constructed from user input, it
 // should be sanitized before calling ServeFile.
 func ServeFile(w ResponseWriter, fsys fs.FS, name string) {
 	const indexPage = "/index.gmi"
 	// Ensure name is relative
 	if name == "/" {
 		name = "."
 	} else {
 		name = strings.TrimLeft(name, "/")
 	}
 	f, err := fsys.Open(name)
 	if err != nil {
 		w.WriteHeader(toGeminiError(err))
 		return
 	}
 	defer f.Close()
 	stat, err := f.Stat()
 	if err != nil {
 		w.WriteHeader(toGeminiError(err))
 		return
 	}
-	serveContent(w, name, f)
+	if stat.IsDir() {
 		// Use contents of index file if present
 		name = path.Join(name, indexPage)
 		index, err := fsys.Open(name)
 		if err == nil {
 			defer index.Close()
 			f = index
 		} else {
 			// Failed to find index file
 			dirList(w, f)
 			return
 		}
 	}
 	// Detect mimetype from file extension
 	ext := path.Ext(name)
 	mimetype := mime.TypeByExtension(ext)
 	w.SetMediaType(mimetype)
 	io.Copy(w, f)
 }
 func dirList(w ResponseWriter, f fs.File) {
@@ -200,7 +169,7 @@ func dirList(w ResponseWriter, f fs.File) {
 		}
 		link := LineLink{
 			Name: name,
-			URL:  (&url.URL{Path: name}).EscapedPath(),
+			URL:  "./" + url.PathEscape(name),
 		}
 		fmt.Fprintln(w, link.String())
 	}
--- a/gemini.go
+++ b/gemini.go
@@ -2,22 +2,33 @@ package gemini
 import (
 	"errors"
 	"mime"
 )
-var crlf = []byte("\r\n")
+func init() {
 	// Add Gemini mime types
 	mime.AddExtensionType(".gmi", "text/gemini")
 	mime.AddExtensionType(".gemini", "text/gemini")
 }
 // Errors.
 var (
 	ErrInvalidRequest  = errors.New("gemini: invalid request")
 	ErrInvalidResponse = errors.New("gemini: invalid response")
 	ErrCertificateExpired = errors.New("gemini: certificate expired")
 	// ErrBodyNotAllowed is returned by ResponseWriter.Write calls
 	// when the response status code does not permit a body.
 	ErrBodyNotAllowed = errors.New("gemini: response status code does not allow body")
 	// ErrHandlerTimeout is returned on ResponseWriter Write calls
 	// in handlers which have timed out.
 	ErrHandlerTimeout = errors.New("gemini: Handler timeout")
 )
 var crlf = []byte("\r\n")
 func trimCRLF(b []byte) ([]byte, bool) {
 	// Check for CR
 	if len(b) < 2 || b[len(b)-2] != '\r' {
 		return nil, false
 	}
 	// Trim CRLF
 	b = b[:len(b)-2]
 	return b, true
 }
--- a/go.mod
+++ b/go.mod
@@ -1,5 +1,5 @@
-module git.sr.ht/~adnano/go-gemini
+module git.tebibyte.media/sashakoshka/go-gemini
-go 1.16
+go 1.15
 require golang.org/x/net v0.0.0-20210119194325-5f4716e94777
--- a/handler.go
+++ b/handler.go
@@ -1,9 +1,12 @@
 package gemini
 import (
 	"bytes"
 	"context"
 	"io"
 	"net/url"
 	"strings"
 	"time"
 )
 // A Handler responds to a Gemini request.
@@ -13,6 +16,9 @@ import (
 // valid to use the ResponseWriter after or concurrently with the completion
 // of the ServeGemini call.
 //
 // The provided context is canceled when the client's connection is closed
 // or the ServeGemini method returns.
 //
 // Handlers should not modify the provided Request.
 type Handler interface {
 	ServeGemini(context.Context, ResponseWriter, *Request)
@@ -31,16 +37,9 @@ func (f HandlerFunc) ServeGemini(ctx context.Context, w ResponseWriter, r *Reque
 // StatusHandler returns a request handler that responds to each request
 // with the provided status code and meta.
 func StatusHandler(status Status, meta string) Handler {
-	return &statusHandler{status, meta}
+	return HandlerFunc(func(ctx context.Context, w ResponseWriter, r *Request) {
-}
+		w.WriteHeader(status, meta)
-
+	})
 type statusHandler struct {
 	status Status
 	meta   string
 }
 func (h *statusHandler) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
 	w.WriteHeader(h.status, h.meta)
 }
 // NotFoundHandler returns a simple request handler that replies to each
@@ -75,3 +74,85 @@ func StripPrefix(prefix string, h Handler) Handler {
 		}
 	})
 }
 // TimeoutHandler returns a Handler that runs h with the given time limit.
 //
 // The new Handler calls h.ServeGemini to handle each request, but
 // if a call runs for longer than its time limit, the handler responds with a
 // 40 Temporary Failure status code and the given message in its response meta.
 // After such a timeout, writes by h to its ResponseWriter will return
 // context.DeadlineExceeded.
 func TimeoutHandler(h Handler, dt time.Duration, message string) Handler {
 	return &timeoutHandler{
 		h:   h,
 		dt:  dt,
 		msg: message,
 	}
 }
 type timeoutHandler struct {
 	h   Handler
 	dt  time.Duration
 	msg string
 }
 func (t *timeoutHandler) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
 	ctx, cancel := context.WithTimeout(ctx, t.dt)
 	defer cancel()
 	buf := &bytes.Buffer{}
 	tw := &timeoutWriter{
 		wr: &contextWriter{
 			ctx:    ctx,
 			cancel: cancel,
 			done:   ctx.Done(),
 			wc:     nopCloser{buf},
 		},
 	}
 	done := make(chan struct{})
 	go func() {
 		t.h.ServeGemini(ctx, tw, r)
 		close(done)
 	}()
 	select {
 	case <-done:
 		w.WriteHeader(tw.status, tw.meta)
 		w.Write(buf.Bytes())
 	case <-ctx.Done():
 		w.WriteHeader(StatusTemporaryFailure, t.msg)
 	}
 }
 type timeoutWriter struct {
 	wr          io.Writer
 	status      Status
 	meta        string
 	mediatype   string
 	wroteHeader bool
 }
 func (w *timeoutWriter) SetMediaType(mediatype string) {
 	w.mediatype = mediatype
 }
 func (w *timeoutWriter) Write(b []byte) (int, error) {
 	if !w.wroteHeader {
 		w.WriteHeader(StatusSuccess, w.mediatype)
 	}
 	return w.wr.Write(b)
 }
 func (w *timeoutWriter) WriteHeader(status Status, meta string) {
 	if w.wroteHeader {
 		return
 	}
 	w.status = status
 	w.meta = meta
 	w.wroteHeader = true
 }
 func (w *timeoutWriter) Flush() error {
 	return nil
 }
--- a/io.go
+++ b/io.go
@@ -0,0 +1,76 @@
 package gemini
 import (
 	"context"
 	"io"
 )
 type contextReader struct {
 	ctx    context.Context
 	done   <-chan struct{}
 	cancel func()
 	rc     io.ReadCloser
 }
 func (r *contextReader) Read(p []byte) (int, error) {
 	select {
 	case <-r.done:
 		r.rc.Close()
 		return 0, r.ctx.Err()
 	default:
 	}
 	n, err := r.rc.Read(p)
 	if err != nil {
 		r.cancel()
 	}
 	return n, err
 }
 func (r *contextReader) Close() error {
 	r.cancel()
 	return r.rc.Close()
 }
 type contextWriter struct {
 	ctx    context.Context
 	done   <-chan struct{}
 	cancel func()
 	wc     io.WriteCloser
 }
 func (w *contextWriter) Write(b []byte) (int, error) {
 	select {
 	case <-w.done:
 		w.wc.Close()
 		return 0, w.ctx.Err()
 	default:
 	}
 	n, err := w.wc.Write(b)
 	if err != nil {
 		w.cancel()
 	}
 	return n, err
 }
 func (w *contextWriter) Close() error {
 	w.cancel()
 	return w.wc.Close()
 }
 type nopCloser struct {
 	io.Writer
 }
 func (nopCloser) Close() error {
 	return nil
 }
 type nopReadCloser struct{}
 func (nopReadCloser) Read(p []byte) (int, error) {
 	return 0, io.EOF
 }
 func (nopReadCloser) Close() error {
 	return nil
 }
--- a/middleware.go
+++ b/middleware.go
@@ -0,0 +1,58 @@
 package gemini
 import (
 	"context"
 	"log"
 )
 // LoggingMiddleware returns a handler that wraps h and logs Gemini requests
 // and their responses to the log package's standard logger.
 // Requests are logged with the format "gemini: {host} {URL} {status code} {bytes written}".
 func LoggingMiddleware(h Handler) Handler {
 	return HandlerFunc(func(ctx context.Context, w ResponseWriter, r *Request) {
 		lw := &logResponseWriter{rw: w}
 		h.ServeGemini(ctx, lw, r)
 		host := r.ServerName()
 		log.Printf("gemini: %s %q %d %d", host, r.URL, lw.Status, lw.Wrote)
 	})
 }
 type logResponseWriter struct {
 	Status      Status
 	Wrote       int
 	rw          ResponseWriter
 	mediatype   string
 	wroteHeader bool
 }
 func (w *logResponseWriter) SetMediaType(mediatype string) {
 	w.mediatype = mediatype
 }
 func (w *logResponseWriter) Write(b []byte) (int, error) {
 	if !w.wroteHeader {
 		meta := w.mediatype
 		if meta == "" {
 			// Use default media type
 			meta = defaultMediaType
 		}
 		w.WriteHeader(StatusSuccess, meta)
 	}
 	n, err := w.rw.Write(b)
 	w.Wrote += n
 	return n, err
 }
 func (w *logResponseWriter) WriteHeader(status Status, meta string) {
 	if w.wroteHeader {
 		return
 	}
 	w.wroteHeader = true
 	w.Status = status
 	w.Wrote += len(meta) + 5
 	w.rw.WriteHeader(status, meta)
 }
 func (w *logResponseWriter) Flush() error {
 	return nil
 }
--- a/mux.go
+++ b/mux.go
@@ -1,3 +1,7 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE-GO file.
 package gemini
 import (
@@ -10,7 +14,7 @@ import (
 	"sync"
 )
-// ServeMux is a Gemini request multiplexer.
+// Mux is a Gemini request multiplexer.
 // It matches the URL of each incoming request against a list of registered
 // patterns and calls the handler for the pattern that
 // most closely matches the URL.
@@ -28,58 +32,42 @@ import (
 // the pattern "/" matches all paths not matched by other registered
 // patterns, not just the URL with Path == "/".
 //
-// Patterns may also contain schemes and hostnames.
+// Patterns may optionally begin with a host name, restricting matches to
-// Wildcard patterns can be used to match multiple hostnames (e.g. "*.example.com").
+// URLs on that host only. Host-specific patterns take precedence over
 // general patterns, so that a handler might register for the two patterns
 // "/search" and "search.example.com/" without also taking over requests
 // for "gemini://example.com/".
 //
-// The following are examples of valid patterns, along with the scheme,
+// Wildcard patterns can be used to match multiple hostnames. For example,
-// hostname, and path that they match.
+// the pattern "*.example.com" will match requests for "blog.example.com"
-//
+// and "gemini.example.com", but not "example.org".
 //     Pattern                      │ Scheme │ Hostname │ Path
 //     ─────────────────────────────┼────────┼──────────┼─────────────
 //     /file                        │ gemini │ *        │ /file
 //     /directory/                  │ gemini │ *        │ /directory/*
 //     hostname/file                │ gemini │ hostname │ /file
 //     hostname/directory/          │ gemini │ hostname │ /directory/*
 //     scheme://hostname/file       │ scheme │ hostname │ /file
 //     scheme://hostname/directory/ │ scheme │ hostname │ /directory/*
 //     //hostname/file              │ *      │ hostname │ /file
 //     //hostname/directory/        │ *      │ hostname │ /directory/*
 //     scheme:///file               │ scheme │ *        │ /file
 //     scheme:///directory/         │ scheme │ *        │ /directory/*
 //     ///file                      │ *      │ *        │ /file
 //     ///directory/                │ *      │ *        │ /directory/*
 //
 // A pattern without a hostname will match any hostname.
 // If a pattern begins with "//", it will match any scheme.
 // Otherwise, a pattern with no scheme is treated as though it has a
 // scheme of "gemini".
 //
 // If a subtree has been registered and a request is received naming the
-// subtree root without its trailing slash, ServeMux redirects that
+// subtree root without its trailing slash, Mux redirects that
 // request to the subtree root (adding the trailing slash). This behavior can
 // be overridden with a separate registration for the path without
-// the trailing slash. For example, registering "/images/" causes ServeMux
+// the trailing slash. For example, registering "/images/" causes Mux
 // to redirect a request for "/images" to "/images/", unless "/images" has
 // been registered separately.
 //
-// ServeMux also takes care of sanitizing the URL request path and
+// Mux also takes care of sanitizing the URL request path and
 // redirecting any request containing . or .. elements or repeated slashes
 // to an equivalent, cleaner URL.
-type ServeMux struct {
+type Mux struct {
 	mu sync.RWMutex
-	m  map[muxKey]Handler
+	m  map[hostpath]Handler
 	es []muxEntry // slice of entries sorted from longest to shortest
 }
-type muxKey struct {
+type hostpath struct {
-	scheme string
+	host string
-	host   string
+	path string
 	path   string
 }
 type muxEntry struct {
 	handler Handler
-	key     muxKey
+	host    string
 	path    string
 }
 // cleanPath returns the canonical path for p, eliminating . and .. elements.
@@ -106,24 +94,17 @@ func cleanPath(p string) string {
 // Find a handler on a handler map given a path string.
 // Most-specific (longest) pattern wins.
-func (mux *ServeMux) match(key muxKey) Handler {
+func (mux *Mux) match(host, path string) Handler {
 	// Check for exact match first.
-	if r, ok := mux.m[key]; ok {
+	if h, ok := mux.m[hostpath{host, path}]; ok {
-		return r
+		return h
 	} else if r, ok := mux.m[muxKey{"", key.host, key.path}]; ok {
 		return r
 	} else if r, ok := mux.m[muxKey{key.scheme, "", key.path}]; ok {
 		return r
 	} else if r, ok := mux.m[muxKey{"", "", key.path}]; ok {
 		return r
 	}
 	// Check for longest valid match.  mux.es contains all patterns
 	// that end in / sorted from longest to shortest.
 	for _, e := range mux.es {
-		if (e.key.scheme == "" || key.scheme == e.key.scheme) &&
+		if len(e.host) == len(host) && e.host == host &&
-			(e.key.host == "" || key.host == e.key.host) &&
+			strings.HasPrefix(path, e.path) {
 			strings.HasPrefix(key.path, e.key.path) {
 			return e.handler
 		}
 	}
@@ -134,31 +115,32 @@ func (mux *ServeMux) match(key muxKey) Handler {
 // This occurs when a handler for path + "/" was already registered, but
 // not for path itself. If the path needs appending to, it creates a new
 // URL, setting the path to u.Path + "/" and returning true to indicate so.
-func (mux *ServeMux) redirectToPathSlash(key muxKey, u *url.URL) (*url.URL, bool) {
+func (mux *Mux) redirectToPathSlash(host, path string, u *url.URL) (*url.URL, bool) {
 	mux.mu.RLock()
-	shouldRedirect := mux.shouldRedirectRLocked(key)
+	shouldRedirect := mux.shouldRedirectRLocked(host, path)
 	mux.mu.RUnlock()
 	if !shouldRedirect {
 		return u, false
 	}
-	return u.ResolveReference(&url.URL{Path: key.path + "/"}), true
+	return u.ResolveReference(&url.URL{Path: path + "/"}), true
 }
 // shouldRedirectRLocked reports whether the given path and host should be redirected to
 // path+"/". This should happen if a handler is registered for path+"/" but
-// not path -- see comments at ServeMux.
+// not path -- see comments at Mux.
-func (mux *ServeMux) shouldRedirectRLocked(key muxKey) bool {
+func (mux *Mux) shouldRedirectRLocked(host, path string) bool {
-	if _, exist := mux.m[key]; exist {
+	if _, exist := mux.m[hostpath{host, path}]; exist {
 		return false
 	}
-	n := len(key.path)
+	n := len(path)
 	if n == 0 {
 		return false
 	}
-	if _, exist := mux.m[muxKey{key.scheme, key.host, key.path + "/"}]; exist {
+	if _, exist := mux.m[hostpath{host, path + "/"}]; exist {
-		return key.path[n-1] != '/'
+		return path[n-1] != '/'
 	}
 	return false
 }
@@ -177,14 +159,18 @@ func getWildcard(hostname string) (string, bool) {
 // the path is not in its canonical form, the handler will be an
 // internally-generated handler that redirects to the canonical path. If the
 // host contains a port, it is ignored when matching handlers.
-func (mux *ServeMux) Handler(r *Request) Handler {
+func (mux *Mux) Handler(r *Request) Handler {
-	scheme := r.URL.Scheme
+	// Disallow non-Gemini schemes
 	if r.URL.Scheme != "gemini" {
 		return NotFoundHandler()
 	}
 	host := r.URL.Hostname()
 	path := cleanPath(r.URL.Path)
 	// If the given path is /tree and its handler is not registered,
 	// redirect for /tree/.
-	if u, ok := mux.redirectToPathSlash(muxKey{scheme, host, path}, r.URL); ok {
+	if u, ok := mux.redirectToPathSlash(host, path, r.URL); ok {
 		return StatusHandler(StatusPermanentRedirect, u.String())
 	}
@@ -197,29 +183,43 @@ func (mux *ServeMux) Handler(r *Request) Handler {
 	mux.mu.RLock()
 	defer mux.mu.RUnlock()
-	h := mux.match(muxKey{scheme, host, path})
+	h := mux.match(host, path)
 	if h == nil {
 		// Try wildcard
 		if wildcard, ok := getWildcard(host); ok {
-			h = mux.match(muxKey{scheme, wildcard, path})
+			if u, ok := mux.redirectToPathSlash(wildcard, path, r.URL); ok {
 				return StatusHandler(StatusPermanentRedirect, u.String())
 			}
 			h = mux.match(wildcard, path)
 		}
 	}
 	if h == nil {
 		// Try empty host
 		if u, ok := mux.redirectToPathSlash("", path, r.URL); ok {
 			return StatusHandler(StatusPermanentRedirect, u.String())
 		}
 		h = mux.match("", path)
 	}
 	if h == nil {
 		h = NotFoundHandler()
 	}
 	return h
 }
 // ServeGemini dispatches the request to the handler whose
 // pattern most closely matches the request URL.
-func (mux *ServeMux) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
+func (mux *Mux) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
 	h := mux.Handler(r)
 	h.ServeGemini(ctx, w, r)
 }
 // Handle registers the handler for the given pattern.
 // If a handler already exists for pattern, Handle panics.
-func (mux *ServeMux) Handle(pattern string, handler Handler) {
+func (mux *Mux) Handle(pattern string, handler Handler) {
 	if pattern == "" {
 		panic("gemini: invalid pattern")
 	}
@@ -230,48 +230,32 @@ func (mux *ServeMux) Handle(pattern string, handler Handler) {
 	mux.mu.Lock()
 	defer mux.mu.Unlock()
-	var key muxKey
+	var host, path string
 	if strings.HasPrefix(pattern, "//") {
 		// match any scheme
 		key.scheme = ""
 		pattern = pattern[2:]
 	} else {
 		// extract scheme
 		cut := strings.Index(pattern, "://")
 		if cut == -1 {
 			// default scheme of gemini
 			key.scheme = "gemini"
 		} else {
 			key.scheme = pattern[:cut]
 			pattern = pattern[cut+3:]
 		}
 	}
 	// extract hostname and path
 	cut := strings.Index(pattern, "/")
 	if cut == -1 {
-		key.host = pattern
+		host = pattern
-		key.path = "/"
+		path = "/"
 	} else {
-		key.host = pattern[:cut]
+		host = pattern[:cut]
-		key.path = pattern[cut:]
+		path = pattern[cut:]
 	}
 	// strip port from hostname
-	if hostname, _, err := net.SplitHostPort(key.host); err == nil {
+	if hostname, _, err := net.SplitHostPort(host); err == nil {
-		key.host = hostname
+		host = hostname
 	}
-	if _, exist := mux.m[key]; exist {
+	if _, exist := mux.m[hostpath{host, path}]; exist {
 		panic("gemini: multiple registrations for " + pattern)
 	}
 	if mux.m == nil {
-		mux.m = make(map[muxKey]Handler)
+		mux.m = make(map[hostpath]Handler)
 	}
-	mux.m[key] = handler
+	mux.m[hostpath{host, path}] = handler
-	e := muxEntry{handler, key}
+	e := muxEntry{handler, host, path}
-	if key.path[len(key.path)-1] == '/' {
+	if path[len(path)-1] == '/' {
 		mux.es = appendSorted(mux.es, e)
 	}
 }
@@ -279,9 +263,7 @@ func (mux *ServeMux) Handle(pattern string, handler Handler) {
 func appendSorted(es []muxEntry, e muxEntry) []muxEntry {
 	n := len(es)
 	i := sort.Search(n, func(i int) bool {
-		return len(es[i].key.scheme) < len(e.key.scheme) ||
+		return len(es[i].path) < len(e.path)
 			len(es[i].key.host) < len(es[i].key.host) ||
 			len(es[i].key.path) < len(e.key.path)
 	})
 	if i == n {
 		return append(es, e)
@@ -294,6 +276,6 @@ func appendSorted(es []muxEntry, e muxEntry) []muxEntry {
 }
 // HandleFunc registers the handler function for the given pattern.
-func (mux *ServeMux) HandleFunc(pattern string, handler HandlerFunc) {
+func (mux *Mux) HandleFunc(pattern string, handler HandlerFunc) {
 	mux.Handle(pattern, handler)
 }
--- a/mux_test.go
+++ b/mux_test.go
@@ -2,6 +2,7 @@ package gemini
 import (
 	"context"
 	"io"
 	"net/url"
 	"testing"
 )
@@ -10,7 +11,222 @@ type nopHandler struct{}
 func (*nopHandler) ServeGemini(context.Context, ResponseWriter, *Request) {}
-func TestServeMuxMatch(t *testing.T) {
+type nopResponseWriter struct {
 	Status Status
 	Meta   string
 }
 func (w *nopResponseWriter) WriteHeader(status Status, meta string) {
 	w.Status = status
 	w.Meta = meta
 }
 func (nopResponseWriter) SetMediaType(mediatype string) {}
 func (nopResponseWriter) Write(b []byte) (int, error)   { return 0, io.EOF }
 func (nopResponseWriter) Flush() error                  { return nil }
 func TestMux(t *testing.T) {
 	type Test struct {
 		URL      string
 		Pattern  string
 		Redirect string
 		NotFound bool
 	}
 	tests := []struct {
 		Patterns []string
 		Tests    []Test
 	}{
 		{
 			Patterns: []string{"/a", "/b/", "/b/c/d", "/b/c/d/"},
 			Tests: []Test{
 				{
 					URL:      "gemini://example.com",
 					Redirect: "gemini://example.com/",
 				},
 				{
 					URL:      "gemini://example.com/",
 					NotFound: true,
 				},
 				{
 					URL:      "gemini://example.com/c",
 					NotFound: true,
 				},
 				{
 					URL:     "gemini://example.com/a",
 					Pattern: "/a",
 				},
 				{
 					URL:      "gemini://example.com/a/",
 					NotFound: true,
 				},
 				{
 					URL:      "gemini://example.com/b",
 					Redirect: "gemini://example.com/b/",
 				},
 				{
 					URL:     "gemini://example.com/b/",
 					Pattern: "/b/",
 				},
 				{
 					URL:     "gemini://example.com/b/c",
 					Pattern: "/b/",
 				},
 				{
 					URL:     "gemini://example.com/b/c/d",
 					Pattern: "/b/c/d",
 				},
 				{
 					URL:     "gemini://example.com/b/c/d/e/",
 					Pattern: "/b/c/d/",
 				},
 			},
 		},
 		{
 			Patterns: []string{
 				"/", "/a", "/b/",
 				"example.com", "example.com/a", "example.com/b/",
 				"*.example.com", "*.example.com/a", "*.example.com/b/",
 			},
 			Tests: []Test{
 				{
 					URL:     "gemini://example.net/",
 					Pattern: "/",
 				},
 				{
 					URL:     "gemini://example.net/a",
 					Pattern: "/a",
 				},
 				{
 					URL:      "gemini://example.net/b",
 					Redirect: "gemini://example.net/b/",
 				},
 				{
 					URL:     "gemini://example.net/b/",
 					Pattern: "/b/",
 				},
 				{
 					URL:     "gemini://example.com/",
 					Pattern: "example.com",
 				},
 				{
 					URL:      "gemini://example.com/b",
 					Redirect: "gemini://example.com/b/",
 				},
 				{
 					URL:     "gemini://example.com/b/",
 					Pattern: "example.com/b/",
 				},
 				{
 					URL:     "gemini://a.example.com/",
 					Pattern: "*.example.com",
 				},
 				{
 					URL:     "gemini://b.example.com/a",
 					Pattern: "*.example.com/a",
 				},
 				{
 					URL:      "gemini://c.example.com/b",
 					Redirect: "gemini://c.example.com/b/",
 				},
 				{
 					URL:     "gemini://d.example.com/b/",
 					Pattern: "*.example.com/b/",
 				},
 			},
 		},
 		{
 			Patterns: []string{"example.net", "*.example.org"},
 			Tests: []Test{
 				{
 					// The following redirect occurs as a result of cleaning
 					// the path provided to the Mux. This happens even if there
 					// are no matching handlers.
 					URL:      "gemini://example.com",
 					Redirect: "gemini://example.com/",
 				},
 				{
 					URL:      "gemini://example.com/",
 					NotFound: true,
 				},
 				{
 					URL:      "gemini://example.net",
 					Redirect: "gemini://example.net/",
 				},
 				{
 					URL:      "gemini://example.org/",
 					NotFound: true,
 				},
 				{
 					URL:      "gemini://gemini.example.org",
 					Redirect: "gemini://gemini.example.org/",
 				},
 			},
 		},
 	}
 	for _, test := range tests {
 		type handler struct {
 			nopHandler
 			Pattern string
 		}
 		mux := &Mux{}
 		for _, pattern := range test.Patterns {
 			mux.Handle(pattern, &handler{
 				Pattern: pattern,
 			})
 		}
 		for _, test := range test.Tests {
 			u, err := url.Parse(test.URL)
 			if err != nil {
 				panic(err)
 			}
 			req := &Request{URL: u}
 			h := mux.Handler(req)
 			if h, ok := h.(*handler); ok {
 				if h.Pattern != test.Pattern {
 					t.Errorf("wrong pattern for %q: expected %q, got %q", test.URL, test.Pattern, h.Pattern)
 				}
 				continue
 			}
 			// Check redirects and NotFounds
 			w := &nopResponseWriter{}
 			h.ServeGemini(context.Background(), w, req)
 			switch w.Status {
 			case StatusNotFound:
 				if !test.NotFound {
 					t.Errorf("expected pattern for %q, got NotFound", test.URL)
 				}
 			case StatusPermanentRedirect:
 				if test.Redirect == "" {
 					t.Errorf("expected pattern for %q, got redirect to %q", test.URL, w.Meta)
 					break
 				}
 				res, err := url.Parse(test.Redirect)
 				if err != nil {
 					panic(err)
 				}
 				if w.Meta != res.String() {
 					t.Errorf("bad redirect for %q: expected %q, got %q", test.URL, res.String(), w.Meta)
 				}
 			default:
 				t.Errorf("unexpected response for %q: %d %s", test.URL, w.Status, w.Meta)
 			}
 		}
 	}
 }
 func TestMuxMatch(t *testing.T) {
 	type Match struct {
 		URL string
 		Ok  bool
@@ -21,7 +237,7 @@ func TestServeMuxMatch(t *testing.T) {
 		Matches []Match
 	}{
 		{
-			// scheme: gemini, hostname: *, path: /*
+			// hostname: *, path: /*
 			Pattern: "/",
 			Matches: []Match{
 				{"gemini://example.com/path", true},
@@ -34,7 +250,7 @@ func TestServeMuxMatch(t *testing.T) {
 			},
 		},
 		{
-			// scheme: gemini, hostname: *, path: /path
+			// hostname: *, path: /path
 			Pattern: "/path",
 			Matches: []Match{
 				{"gemini://example.com/path", true},
@@ -47,7 +263,7 @@ func TestServeMuxMatch(t *testing.T) {
 			},
 		},
 		{
-			// scheme: gemini, hostname: *, path: /subtree/*
+			// hostname: *, path: /subtree/*
 			Pattern: "/subtree/",
 			Matches: []Match{
 				{"gemini://example.com/subtree/", true},
@@ -62,7 +278,7 @@ func TestServeMuxMatch(t *testing.T) {
 			},
 		},
 		{
-			// scheme: gemini, hostname: example.com, path: /*
+			// hostname: example.com, path: /*
 			Pattern: "example.com",
 			Matches: []Match{
 				{"gemini://example.com/path", true},
@@ -75,7 +291,7 @@ func TestServeMuxMatch(t *testing.T) {
 			},
 		},
 		{
-			// scheme: gemini, hostname: example.com, path: /path
+			// hostname: example.com, path: /path
 			Pattern: "example.com/path",
 			Matches: []Match{
 				{"gemini://example.com/path", true},
@@ -88,7 +304,7 @@ func TestServeMuxMatch(t *testing.T) {
 			},
 		},
 		{
-			// scheme: gemini, hostname: example.com, path: /subtree/*
+			// hostname: example.com, path: /subtree/*
 			Pattern: "example.com/subtree/",
 			Matches: []Match{
 				{"gemini://example.com/subtree/", true},
@@ -102,170 +318,6 @@ func TestServeMuxMatch(t *testing.T) {
 				{"http://example.com/subtree/", false},
 			},
 		},
 		{
 			// scheme: http, hostname: example.com, path: /*
 			Pattern: "http://example.com",
 			Matches: []Match{
 				{"http://example.com/path", true},
 				{"http://example.com/", true},
 				{"http://example.com/path.gmi", true},
 				{"http://example.com/path/", true},
 				{"http://example.org/path", false},
 				{"gemini://example.com/path", false},
 				{"gemini://example.org/path", false},
 			},
 		},
 		{
 			// scheme: http, hostname: example.com, path: /path
 			Pattern: "http://example.com/path",
 			Matches: []Match{
 				{"http://example.com/path", true},
 				{"http://example.com/", false},
 				{"http://example.com/path.gmi", false},
 				{"http://example.com/path/", false},
 				{"http://example.org/path", false},
 				{"gemini://example.com/path", false},
 				{"gemini://example.org/path", false},
 			},
 		},
 		{
 			// scheme: http, hostname: example.com, path: /subtree/*
 			Pattern: "http://example.com/subtree/",
 			Matches: []Match{
 				{"http://example.com/subtree/", true},
 				{"http://example.com/subtree/nested/", true},
 				{"http://example.com/subtree/nested/file", true},
 				{"http://example.org/subtree/", false},
 				{"http://example.org/subtree/nested/", false},
 				{"http://example.org/subtree/nested/file", false},
 				{"http://example.com/subtree", false},
 				{"http://www.example.com/subtree/", false},
 				{"gemini://example.com/subtree/", false},
 			},
 		},
 		{
 			// scheme: *, hostname: example.com, path: /*
 			Pattern: "//example.com",
 			Matches: []Match{
 				{"gemini://example.com/path", true},
 				{"gemini://example.com/", true},
 				{"gemini://example.com/path.gmi", true},
 				{"gemini://example.com/path/", true},
 				{"gemini://example.org/path", false},
 				{"http://example.com/path", true},
 				{"http://example.org/path", false},
 			},
 		},
 		{
 			// scheme: *, hostname: example.com, path: /path
 			Pattern: "//example.com/path",
 			Matches: []Match{
 				{"gemini://example.com/path", true},
 				{"gemini://example.com/", false},
 				{"gemini://example.com/path.gmi", false},
 				{"gemini://example.com/path/", false},
 				{"gemini://example.org/path", false},
 				{"http://example.com/path", true},
 				{"http://example.org/path", false},
 			},
 		},
 		{
 			// scheme: *, hostname: example.com, path: /subtree/*
 			Pattern: "//example.com/subtree/",
 			Matches: []Match{
 				{"gemini://example.com/subtree/", true},
 				{"gemini://example.com/subtree/nested/", true},
 				{"gemini://example.com/subtree/nested/file", true},
 				{"gemini://example.org/subtree/", false},
 				{"gemini://example.org/subtree/nested/", false},
 				{"gemini://example.org/subtree/nested/file", false},
 				{"gemini://example.com/subtree", false},
 				{"gemini://www.example.com/subtree/", false},
 				{"http://example.com/subtree/", true},
 			},
 		},
 		{
 			// scheme: http, hostname: *, path: /*
 			Pattern: "http://",
 			Matches: []Match{
 				{"http://example.com/path", true},
 				{"http://example.com/", true},
 				{"http://example.com/path.gmi", true},
 				{"http://example.com/path/", true},
 				{"http://example.org/path", true},
 				{"gemini://example.com/path", false},
 				{"gemini://example.org/path", false},
 			},
 		},
 		{
 			// scheme: http, hostname: *, path: /path
 			Pattern: "http:///path",
 			Matches: []Match{
 				{"http://example.com/path", true},
 				{"http://example.com/", false},
 				{"http://example.com/path.gmi", false},
 				{"http://example.com/path/", false},
 				{"http://example.org/path", true},
 				{"gemini://example.com/path", false},
 				{"gemini://example.org/path", false},
 			},
 		},
 		{
 			// scheme: http, hostname: *, path: /subtree/*
 			Pattern: "http:///subtree/",
 			Matches: []Match{
 				{"http://example.com/subtree/", true},
 				{"http://example.com/subtree/nested/", true},
 				{"http://example.com/subtree/nested/file", true},
 				{"http://example.org/subtree/", true},
 				{"http://example.org/subtree/nested/", true},
 				{"http://example.org/subtree/nested/file", true},
 				{"http://example.com/subtree", false},
 				{"http://www.example.com/subtree/", true},
 				{"gemini://example.com/subtree/", false},
 			},
 		},
 		{
 			// scheme: *, hostname: *, path: /*
 			Pattern: "//",
 			Matches: []Match{
 				{"gemini://example.com/path", true},
 				{"gemini://example.com/", true},
 				{"gemini://example.com/path.gmi", true},
 				{"gemini://example.com/path/", true},
 				{"gemini://example.org/path", true},
 				{"http://example.com/path", true},
 				{"http://example.org/path", true},
 			},
 		},
 		{
 			// scheme: *, hostname: *, path: /path
 			Pattern: "///path",
 			Matches: []Match{
 				{"gemini://example.com/path", true},
 				{"gemini://example.com/", false},
 				{"gemini://example.com/path.gmi", false},
 				{"gemini://example.com/path/", false},
 				{"gemini://example.org/path", true},
 				{"http://example.com/path", true},
 				{"http://example.org/path", true},
 			},
 		},
 		{
 			// scheme: *, hostname: *, path: /subtree/*
 			Pattern: "///subtree/",
 			Matches: []Match{
 				{"gemini://example.com/subtree/", true},
 				{"gemini://example.com/subtree/nested/", true},
 				{"gemini://example.com/subtree/nested/file", true},
 				{"gemini://example.org/subtree/", true},
 				{"gemini://example.org/subtree/nested/", true},
 				{"gemini://example.org/subtree/nested/file", true},
 				{"gemini://example.com/subtree", false},
 				{"gemini://www.example.com/subtree/", true},
 				{"http://example.com/subtree/", true},
 			},
 		},
 		{
 			// scheme: gemini, hostname: *.example.com, path: /*
 			Pattern: "*.example.com",
@@ -277,25 +329,14 @@ func TestServeMuxMatch(t *testing.T) {
 				{"http://www.example.com/", false},
 			},
 		},
 		{
 			// scheme: http, hostname: *.example.com, path: /*
 			Pattern: "http://*.example.com",
 			Matches: []Match{
 				{"http://mail.example.com/", true},
 				{"http://www.example.com/index.gmi", true},
 				{"http://example.com/", false},
 				{"http://a.b.example.com/", false},
 				{"gemini://www.example.com/", false},
 			},
 		},
 	}
-	for i, test := range tests {
+	for _, test := range tests {
 		h := &nopHandler{}
-		var mux ServeMux
+		var mux Mux
 		mux.Handle(test.Pattern, h)
-		for _, match := range tests[i].Matches {
+		for _, match := range test.Matches {
 			u, err := url.Parse(match.URL)
 			if err != nil {
 				panic(err)
--- a/query.go
+++ b/query.go
@@ -12,7 +12,8 @@ func QueryEscape(query string) string {
 	return strings.ReplaceAll(url.PathEscape(query), "+", "%2B")
 }
-// QueryUnescape is identical to url.PathUnescape.
+// QueryUnescape unescapes a Gemini URL query.
 // It is identical to url.PathUnescape.
 func QueryUnescape(query string) (string, error) {
 	return url.PathUnescape(query)
 }
--- a/request.go
+++ b/request.go
@@ -4,17 +4,13 @@ import (
 	"bufio"
 	"crypto/tls"
 	"io"
 	"net"
 	"net/url"
 )
 // A Request represents a Gemini request received by a server or to be sent
 // by a client.
 //
 // The field semantics differ slightly between client and server usage.
 type Request struct {
-	// URL specifies the URL being requested (for server
+	// URL specifies the URL being requested.
 	// requests) or the URL to access (for client requests).
 	URL *url.URL
 	// For client requests, Host optionally specifies the server to
@@ -23,9 +19,7 @@ type Request struct {
 	// For international domain names, Host may be in Punycode or
 	// Unicode form. Use golang.org/x/net/idna to convert it to
 	// either format if needed.
-	//
+	// This field is ignored by the Gemini server.
 	// For server requests, Host specifies the host on which the URL
 	// is sought.
 	Host string
 	// For client requests, Certificate optionally specifies the
@@ -33,24 +27,10 @@ type Request struct {
 	// This field is ignored by the Gemini server.
 	Certificate *tls.Certificate
 	// RemoteAddr allows Gemini servers and other software to record
 	// the network address that sent the request, usually for
 	// logging. This field is not filled in by ReadRequest.
 	// This field is ignored by the Gemini client.
 	RemoteAddr net.Addr
 	// TLS allows Gemini servers and other software to record
 	// information about the TLS connection on which the request
 	// was received. This field is not filled in by ReadRequest.
 	// The Gemini server in this package sets the field for
 	// TLS-enabled connections before invoking a handler;
 	// otherwise it leaves the field nil.
 	// This field is ignored by the Gemini client.
 	TLS *tls.ConnectionState
 }
 // NewRequest returns a new request.
 //
 // The returned Request is suitable for use with Client.Do.
 //
 // Callers should be careful that the URL query is properly escaped.
@@ -69,45 +49,59 @@ func NewRequest(rawurl string) (*Request, error) {
 // for specialized applications; most code should use the Server
 // to read requests and handle them via the Handler interface.
 func ReadRequest(r io.Reader) (*Request, error) {
-	// Read URL
+	// Limit request size
 	r = io.LimitReader(r, 1026)
 	br := bufio.NewReaderSize(r, 1026)
-	rawurl, err := br.ReadString('\r')
+	b, err := br.ReadBytes('\n')
 	if err != nil {
 		if err == io.EOF {
 			return nil, ErrInvalidRequest
 		}
 		return nil, err
 	}
-	// Read terminating line feed
+	// Read URL
-	if b, err := br.ReadByte(); err != nil {
+	rawurl, ok := trimCRLF(b)
-		return nil, err
+	if !ok {
 	} else if b != '\n' {
 		return nil, ErrInvalidRequest
 	}
-	// Trim carriage return
+	if len(rawurl) == 0 {
 	rawurl = rawurl[:len(rawurl)-1]
 	// Validate URL
 	if len(rawurl) > 1024 {
 		return nil, ErrInvalidRequest
 	}
-	u, err := url.Parse(rawurl)
+	u, err := url.Parse(string(rawurl))
 	if err != nil {
 		return nil, err
 	}
 	return &Request{URL: u}, nil
 }
-// Write writes a Gemini request in wire format.
+// WriteTo writes r to w in the Gemini request format.
 // This method consults the request URL only.
-func (r *Request) Write(w io.Writer) error {
+func (r *Request) WriteTo(w io.Writer) (int64, error) {
 	bw := bufio.NewWriterSize(w, 1026)
 	url := r.URL.String()
 	if len(url) > 1024 {
-		return ErrInvalidRequest
+		return 0, ErrInvalidRequest
 	}
-	if _, err := bw.WriteString(url); err != nil {
+	var wrote int64
-		return err
+	n, err := bw.WriteString(url)
 	wrote += int64(n)
 	if err != nil {
 		return wrote, err
 	}
-	if _, err := bw.Write(crlf); err != nil {
+	n, err = bw.Write(crlf)
-		return err
+	wrote += int64(n)
 	if err != nil {
 		return wrote, err
 	}
-	return bw.Flush()
+	return wrote, bw.Flush()
 }
 // ServerName returns the value of the TLS Server Name Indication extension
 // sent by the client.
 // ServerName returns an empty string for client requests.
 func (r *Request) ServerName() string {
 	if tls := r.TLS; tls != nil {
 		return tls.ServerName
 	}
 	return ""
 }
--- a/request_test.go
+++ b/request_test.go
@@ -2,7 +2,6 @@ package gemini
 import (
 	"bufio"
 	"io"
 	"net/url"
 	"strings"
 	"testing"
@@ -36,25 +35,25 @@ func TestReadRequest(t *testing.T) {
 		},
 		{
 			Raw: "\r\n",
-			URL: &url.URL{},
+			Err: ErrInvalidRequest,
 		},
 		{
 			Raw: "gemini://example.com\n",
-			Err: io.EOF,
+			Err: ErrInvalidRequest,
 		},
 		{
 			Raw: "gemini://example.com",
-			Err: io.EOF,
+			Err: ErrInvalidRequest,
 		},
 		{
 			// 1030 bytes
 			Raw: maxURL + "xxxxxx",
-			Err: io.EOF,
+			Err: ErrInvalidRequest,
 		},
 		{
 			// 1027 bytes
 			Raw: maxURL + "x" + "\r\n",
-			Err: io.EOF,
+			Err: ErrInvalidRequest,
 		},
 		{
 			// 1024 bytes
@@ -119,7 +118,7 @@ func TestWriteRequest(t *testing.T) {
 		t.Logf("%s", test.Req.URL)
 		var b strings.Builder
 		bw := bufio.NewWriter(&b)
-		err := test.Req.Write(bw)
+		_, err := test.Req.WriteTo(bw)
 		if err != test.Err {
 			t.Errorf("expected err = %v, got %v", test.Err, err)
 		}
--- a/response.go
+++ b/response.go
@@ -5,11 +5,12 @@ import (
 	"crypto/tls"
 	"fmt"
 	"io"
 	"net"
 	"strconv"
 )
 // The default media type for responses.
-const defaultMediaType = "text/gemini; charset=utf-8"
+const defaultMediaType = "text/gemini"
 // Response represents the response from a Gemini request.
 //
@@ -17,13 +18,12 @@ const defaultMediaType = "text/gemini; charset=utf-8"
 // header has been received. The response body is streamed on demand
 // as the Body field is read.
 type Response struct {
-	// Status contains the response status code.
+	// Status is the response status code.
 	Status Status
-	// Meta contains more information related to the response status.
+	// Meta returns the response meta.
-	// For successful responses, Meta should contain the media type of the response.
+	// For successful responses, the meta should contain the media type of the response.
-	// For failure responses, Meta should contain a short description of the failure.
+	// For failure responses, the meta should contain a short description of the failure.
 	// Meta should not be longer than 1024 bytes.
 	Meta string
 	// Body represents the response body.
@@ -38,120 +38,105 @@ type Response struct {
 	// close Body.
 	Body io.ReadCloser
-	// TLS contains information about the TLS connection on which the
+	conn net.Conn
 	// response was received. It is nil for unencrypted responses.
 	TLS *tls.ConnectionState
 }
 // ReadResponse reads a Gemini response from the provided io.ReadCloser.
-func ReadResponse(rc io.ReadCloser) (*Response, error) {
+func ReadResponse(r io.ReadCloser) (*Response, error) {
 	resp := &Response{}
 	br := bufio.NewReader(rc)
-	// Read the status
+	// Limit response header size
-	statusB := make([]byte, 2)
+	lr := io.LimitReader(r, 1029)
-	if _, err := br.Read(statusB); err != nil {
+	// Wrap the reader to remove the limit later on
 	wr := &struct{ io.Reader }{lr}
 	br := bufio.NewReader(wr)
 	// Read response header
 	b, err := br.ReadBytes('\n')
 	if err != nil {
 		if err == io.EOF {
 			return nil, ErrInvalidResponse
 		}
 		return nil, err
 	}
-	status, err := strconv.Atoi(string(statusB))
+	if len(b) < 3 {
 		return nil, ErrInvalidResponse
 	}
 	// Read the status
 	status, err := strconv.Atoi(string(b[:2]))
 	if err != nil {
 		return nil, ErrInvalidResponse
 	}
 	resp.Status = Status(status)
 	// Read one space
-	if b, err := br.ReadByte(); err != nil {
+	if b[2] != ' ' {
 		return nil, err
 	} else if b != ' ' {
 		return nil, ErrInvalidResponse
 	}
 	// Read the meta
-	meta, err := br.ReadString('\r')
+	meta, ok := trimCRLF(b[3:])
-	if err != nil {
+	if !ok {
 		return nil, err
 	}
 	// Trim carriage return
 	meta = meta[:len(meta)-1]
 	// Ensure meta is less than or equal to 1024 bytes
 	if len(meta) > 1024 {
 		return nil, ErrInvalidResponse
 	}
-	if resp.Status.Class() == StatusSuccess && meta == "" {
+	if len(meta) == 0 {
 		// Use default media type
 		meta = defaultMediaType
 	}
 	resp.Meta = meta
 	// Read terminating newline
 	if b, err := br.ReadByte(); err != nil {
 		return nil, err
 	} else if b != '\n' {
 		return nil, ErrInvalidResponse
 	}
 	resp.Meta = string(meta)
 	if resp.Status.Class() == StatusSuccess {
-		resp.Body = newReadCloserBody(br, rc)
+		// Use unlimited reader
 		wr.Reader = r
 		type readCloser struct {
 			io.Reader
 			io.Closer
 		}
 		resp.Body = readCloser{br, r}
 	} else {
 		resp.Body = nopReadCloser{}
-		rc.Close()
+		r.Close()
 	}
 	return resp, nil
 }
-type nopReadCloser struct{}
+// Conn returns the network connection on which the response was received.
-
+func (r *Response) Conn() net.Conn {
-func (nopReadCloser) Read(p []byte) (int, error) {
+	return r.conn
 	return 0, io.EOF
 }
-func (nopReadCloser) Close() error {
+// TLS returns information about the TLS connection on which the
 // response was received.
 func (r *Response) TLS() *tls.ConnectionState {
 	if tlsConn, ok := r.conn.(*tls.Conn); ok {
 		state := tlsConn.ConnectionState()
 		return &state
 	}
 	return nil
 }
-type readCloserBody struct {
+// WriteTo writes r to w in the Gemini response format, including the
 	br *bufio.Reader // used until empty
 	io.ReadCloser
 }
 func newReadCloserBody(br *bufio.Reader, rc io.ReadCloser) io.ReadCloser {
 	body := &readCloserBody{ReadCloser: rc}
 	if br.Buffered() != 0 {
 		body.br = br
 	}
 	return body
 }
 func (b *readCloserBody) Read(p []byte) (n int, err error) {
 	if b.br != nil {
 		if n := b.br.Buffered(); len(p) > n {
 			p = p[:n]
 		}
 		n, err = b.br.Read(p)
 		if b.br.Buffered() == 0 {
 			b.br = nil
 		}
 		return n, err
 	}
 	return b.ReadCloser.Read(p)
 }
 // Write writes r to w in the Gemini response format, including the
 // header and body.
 //
 // This method consults the Status, Meta, and Body fields of the response.
 // The Response Body is closed after it is sent.
-func (r *Response) Write(w io.Writer) error {
+func (r *Response) WriteTo(w io.Writer) (int64, error) {
-	if _, err := fmt.Fprintf(w, "%02d %s\r\n", r.Status, r.Meta); err != nil {
+	var wrote int64
-		return err
+	n, err := fmt.Fprintf(w, "%02d %s\r\n", r.Status, r.Meta)
 	wrote += int64(n)
 	if err != nil {
 		return wrote, err
 	}
 	if r.Body != nil {
 		defer r.Body.Close()
-		if _, err := io.Copy(w, r.Body); err != nil {
+		n, err := io.Copy(w, r.Body)
-			return err
+		wrote += n
 		if err != nil {
 			return wrote, err
 		}
 	}
-	return nil
+	return wrote, nil
 }
 // A ResponseWriter interface is used by a Gemini handler to construct
@@ -161,19 +146,19 @@ func (r *Response) Write(w io.Writer) error {
 // has returned.
 type ResponseWriter interface {
 	// SetMediaType sets the media type that will be sent by Write for a
-	// successful response. If no media type is set, a default of
+	// successful response. If no media type is set, a default media type of
-	// "text/gemini; charset=utf-8" will be used.
+	// "text/gemini" will be used.
 	//
 	// Setting the media type after a call to Write or WriteHeader has
 	// no effect.
-	SetMediaType(string)
+	SetMediaType(mediatype string)
 	// Write writes the data to the connection as part of a Gemini response.
 	//
 	// If WriteHeader has not yet been called, Write calls WriteHeader with
 	// StatusSuccess and the media type set in SetMediaType before writing the data.
 	// If no media type was set, Write uses a default media type of
-	// "text/gemini; charset=utf-8".
+	// "text/gemini".
 	Write([]byte) (int, error)
 	// WriteHeader sends a Gemini response header with the provided
@@ -193,20 +178,15 @@ type ResponseWriter interface {
 }
 type responseWriter struct {
-	b           *bufio.Writer
+	bw          *bufio.Writer
 	mediatype   string
 	wroteHeader bool
 	bodyAllowed bool
 }
 // NewResponseWriter returns a ResponseWriter that uses the provided io.Writer.
 func NewResponseWriter(w io.Writer) ResponseWriter {
 	return newResponseWriter(w)
 }
 func newResponseWriter(w io.Writer) *responseWriter {
 	return &responseWriter{
-		b: bufio.NewWriter(w),
+		bw: bufio.NewWriter(w),
 	}
 }
@@ -226,7 +206,7 @@ func (w *responseWriter) Write(b []byte) (int, error) {
 	if !w.bodyAllowed {
 		return 0, ErrBodyNotAllowed
 	}
-	return w.b.Write(b)
+	return w.bw.Write(b)
 }
 func (w *responseWriter) WriteHeader(status Status, meta string) {
@@ -238,10 +218,10 @@ func (w *responseWriter) WriteHeader(status Status, meta string) {
 		w.bodyAllowed = true
 	}
-	w.b.WriteString(strconv.Itoa(int(status)))
+	w.bw.WriteString(strconv.Itoa(int(status)))
-	w.b.WriteByte(' ')
+	w.bw.WriteByte(' ')
-	w.b.WriteString(meta)
+	w.bw.WriteString(meta)
-	w.b.Write(crlf)
+	w.bw.Write(crlf)
 	w.wroteHeader = true
 }
@@ -249,6 +229,6 @@ func (w *responseWriter) Flush() error {
 	if !w.wroteHeader {
 		w.WriteHeader(StatusTemporaryFailure, "Temporary failure")
 	}
-	// Write errors from writeHeader will be returned here.
+	// Write errors from WriteHeader will be returned here.
-	return w.b.Flush()
+	return w.bw.Flush()
 }
--- a/response_test.go
+++ b/response_test.go
@@ -2,6 +2,7 @@ package gemini
 import (
 	"io"
 	"io/ioutil"
 	"strings"
 	"testing"
 )
@@ -37,6 +38,15 @@ func TestReadWriteResponse(t *testing.T) {
 			Meta:      "/redirect",
 			SkipWrite: true, // skip write test since result won't match Raw
 		},
 		{
 			Raw:    "32 " + maxURL + "\r\n",
 			Status: 32,
 			Meta:   maxURL,
 		},
 		{
 			Raw: "33 " + maxURL + "xxxx" + "\r\n",
 			Err: ErrInvalidResponse,
 		},
 		{
 			Raw:    "99 Unknown status code\r\n",
 			Status: 99,
@@ -56,15 +66,15 @@ func TestReadWriteResponse(t *testing.T) {
 		},
 		{
 			Raw: "",
-			Err: io.EOF,
+			Err: ErrInvalidResponse,
 		},
 		{
 			Raw: "10 Search query",
-			Err: io.EOF,
+			Err: ErrInvalidResponse,
 		},
 		{
 			Raw: "20 text/gemini\nHello, world!",
-			Err: io.EOF,
+			Err: ErrInvalidResponse,
 		},
 		{
 			Raw: "20 text/gemini\rHello, world!",
@@ -72,7 +82,7 @@ func TestReadWriteResponse(t *testing.T) {
 		},
 		{
 			Raw: "20 text/gemini\r",
-			Err: io.EOF,
+			Err: ErrInvalidResponse,
 		},
 		{
 			Raw: "abcdefghijklmnopqrstuvwxyz",
@@ -82,11 +92,11 @@ func TestReadWriteResponse(t *testing.T) {
 	for _, test := range tests {
 		t.Logf("%#v", test.Raw)
-		resp, err := ReadResponse(io.NopCloser(strings.NewReader(test.Raw)))
+		resp, err := ReadResponse(ioutil.NopCloser(strings.NewReader(test.Raw)))
 		if err != test.Err {
 			t.Errorf("expected err = %v, got %v", test.Err, err)
 		}
-		if test.Err != nil {
+		if err != nil {
 			// No response
 			continue
 		}
@@ -96,7 +106,7 @@ func TestReadWriteResponse(t *testing.T) {
 		if resp.Meta != test.Meta {
 			t.Errorf("expected meta = %s, got %s", test.Meta, resp.Meta)
 		}
-		b, _ := io.ReadAll(resp.Body)
+		b, _ := ioutil.ReadAll(resp.Body)
 		body := string(b)
 		if body != test.Body {
 			t.Errorf("expected body = %#v, got %#v", test.Body, body)
@@ -107,14 +117,12 @@ func TestReadWriteResponse(t *testing.T) {
 		if test.Err != nil || test.SkipWrite {
 			continue
 		}
 		resp := &Response{
 			Status: test.Status,
 			Meta:   test.Meta,
 			Body:   io.NopCloser(strings.NewReader(test.Body)),
 		}
 		var b strings.Builder
-		if err := resp.Write(&b); err != nil {
+		w := newResponseWriter(nopCloser{&b})
 		w.WriteHeader(test.Status, test.Meta)
 		io.Copy(w, strings.NewReader(test.Body))
 		if err := w.Flush(); err != nil {
 			t.Error(err)
 			continue
 		}
--- a/server.go
+++ b/server.go
@@ -52,7 +52,7 @@ type Server struct {
 	listeners map[*net.Listener]context.CancelFunc
 	conns     map[*net.Conn]context.CancelFunc
-	closed    bool // true if Closed or Shutdown called
+	closed    bool // true if Close or Shutdown called
 	shutdown  bool // true if Shutdown called
 	doneChan  chan struct{}
 	mu        sync.Mutex
@@ -229,8 +229,8 @@ func (srv *Server) deleteListener(l *net.Listener) {
 }
 // Serve accepts incoming connections on the Listener l, creating a new
-// service goroutine for each. The service goroutines reads the request and
+// service goroutine for each. The service goroutines read the requests and
-// then calls the appropriate Handler to reply to them. If the provided
+// then call the appropriate Handler to reply to them. If the provided
 // context expires, Serve closes l and returns the context's error.
 //
 // Serve always closes l and returns a non-nil error.
@@ -282,14 +282,17 @@ func (srv *Server) serve(ctx context.Context, l net.Listener) error {
 			return err
 		}
 		tempDelay = 0
-		go srv.ServeConn(ctx, rw)
+		go srv.serveConn(ctx, rw, false)
 	}
 }
-func (srv *Server) trackConn(conn *net.Conn, cancel context.CancelFunc) bool {
+func (srv *Server) trackConn(conn *net.Conn, cancel context.CancelFunc, external bool) bool {
 	srv.mu.Lock()
 	defer srv.mu.Unlock()
-	if srv.closed && !srv.shutdown {
+	// Reject the connection under the following conditions:
 	// - Shutdown or Close has been called and conn is external (from ServeConn)
 	// - Close (not Shutdown) has been called and conn is internal (from Serve)
 	if srv.closed && (external || !srv.shutdown) {
 		return false
 	}
 	if srv.conns == nil {
@@ -309,15 +312,17 @@ func (srv *Server) deleteConn(conn *net.Conn) {
 // It closes the connection when the response has been completed.
 // If the provided context expires before the response has completed,
 // ServeConn closes the connection and returns the context's error.
 //
 // Note that ServeConn can be used during a Shutdown.
 func (srv *Server) ServeConn(ctx context.Context, conn net.Conn) error {
 	return srv.serveConn(ctx, conn, true)
 }
 func (srv *Server) serveConn(ctx context.Context, conn net.Conn, external bool) error {
 	defer conn.Close()
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
-	if !srv.trackConn(&conn, cancel) {
+	if !srv.trackConn(&conn, cancel, external) {
 		return context.Canceled
 	}
 	defer srv.tryCloseDone()
@@ -332,7 +337,7 @@ func (srv *Server) ServeConn(ctx context.Context, conn net.Conn) error {
 	errch := make(chan error, 1)
 	go func() {
-		errch <- srv.serveConn(ctx, conn)
+		errch <- srv.goServeConn(ctx, conn)
 	}()
 	select {
@@ -343,25 +348,34 @@ func (srv *Server) ServeConn(ctx context.Context, conn net.Conn) error {
 	}
 }
-func (srv *Server) serveConn(ctx context.Context, conn net.Conn) error {
+func (srv *Server) goServeConn(ctx context.Context, conn net.Conn) error {
-	w := newResponseWriter(conn)
+	ctx, cancel := context.WithCancel(ctx)
 	done := ctx.Done()
 	cw := &contextWriter{
 		ctx:    ctx,
 		done:   done,
 		cancel: cancel,
 		wc:     conn,
 	}
 	r := &contextReader{
 		ctx:    ctx,
 		done:   done,
 		cancel: cancel,
 		rc:     conn,
 	}
-	req, err := ReadRequest(conn)
+	w := newResponseWriter(cw)
 	req, err := ReadRequest(r)
 	if err != nil {
 		w.WriteHeader(StatusBadRequest, "Bad request")
 		return w.Flush()
 	}
 	// Store the TLS connection state
 	if tlsConn, ok := conn.(*tls.Conn); ok {
 		state := tlsConn.ConnectionState()
 		req.TLS = &state
 		req.Host = state.ServerName
 	}
 	// Store remote address
 	req.RemoteAddr = conn.RemoteAddr()
 	h := srv.Handler
 	if h == nil {
 		w.WriteHeader(StatusNotFound, "Not found")
--- a/text.go
+++ b/text.go
@@ -125,8 +125,8 @@ func ParseLines(r io.Reader, handler func(Line)) error {
 				name = strings.TrimLeft(name, spacetab)
 				line = LineLink{url, name}
 			}
-		} else if strings.HasPrefix(text, "*") {
+		} else if strings.HasPrefix(text, "* ") {
-			text = text[1:]
+			text = text[2:]
 			text = strings.TrimLeft(text, spacetab)
 			line = LineListItem(text)
 		} else if strings.HasPrefix(text, "###") {
--- a/timeout.go
+++ b/timeout.go
@@ -1,112 +0,0 @@
 package gemini
 import (
 	"bytes"
 	"context"
 	"sync"
 	"time"
 )
 // TimeoutHandler returns a Handler that runs h with the given time limit.
 //
 // The new Handler calls h.ServeGemini to handle each request, but
 // if a call runs for longer than its time limit, the handler responds with a
 // 40 Temporary Failure error. After such a timeout, writes by h to its
 // ResponseWriter will return ErrHandlerTimeout.
 func TimeoutHandler(h Handler, dt time.Duration) Handler {
 	return &timeoutHandler{
 		h:  h,
 		dt: dt,
 	}
 }
 type timeoutHandler struct {
 	h  Handler
 	dt time.Duration
 }
 func (t *timeoutHandler) ServeGemini(ctx context.Context, w ResponseWriter, r *Request) {
 	ctx, cancel := context.WithTimeout(ctx, t.dt)
 	defer cancel()
 	done := make(chan struct{})
 	tw := &timeoutWriter{}
 	panicChan := make(chan interface{}, 1)
 	go func() {
 		defer func() {
 			if p := recover(); p != nil {
 				panicChan <- p
 			}
 		}()
 		t.h.ServeGemini(ctx, tw, r)
 		close(done)
 	}()
 	select {
 	case p := <-panicChan:
 		panic(p)
 	case <-done:
 		tw.mu.Lock()
 		defer tw.mu.Unlock()
 		if !tw.wroteHeader {
 			tw.status = StatusSuccess
 		}
 		w.WriteHeader(tw.status, tw.meta)
 		w.Write(tw.b.Bytes())
 	case <-ctx.Done():
 		tw.mu.Lock()
 		defer tw.mu.Unlock()
 		w.WriteHeader(StatusTemporaryFailure, "Timeout")
 		tw.timedOut = true
 	}
 }
 type timeoutWriter struct {
 	mu          sync.Mutex
 	b           bytes.Buffer
 	status      Status
 	meta        string
 	mediatype   string
 	wroteHeader bool
 	timedOut    bool
 }
 func (w *timeoutWriter) SetMediaType(mediatype string) {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 	w.mediatype = mediatype
 }
 func (w *timeoutWriter) Write(b []byte) (int, error) {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 	if w.timedOut {
 		return 0, ErrHandlerTimeout
 	}
 	if !w.wroteHeader {
 		w.writeHeaderLocked(StatusSuccess, w.mediatype)
 	}
 	return w.b.Write(b)
 }
 func (w *timeoutWriter) WriteHeader(status Status, meta string) {
 	w.mu.Lock()
 	defer w.mu.Unlock()
 	if w.timedOut {
 		return
 	}
 	w.writeHeaderLocked(status, meta)
 }
 func (w *timeoutWriter) writeHeaderLocked(status Status, meta string) {
 	if w.wroteHeader {
 		return
 	}
 	w.status = status
 	w.meta = meta
 	w.wroteHeader = true
 }
 func (w *timeoutWriter) Flush() error {
 	return nil
 }
--- a/tofu/tofu.go
+++ b/tofu/tofu.go
@@ -4,17 +4,16 @@ package tofu
 import (
 	"bufio"
 	"bytes"
-	"crypto/sha512"
+	"crypto/sha256"
 	"crypto/x509"
-	"errors"
+	"encoding/base64"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 )
 // KnownHosts represents a list of known hosts.
@@ -84,7 +83,11 @@ func (k *KnownHosts) WriteTo(w io.Writer) (int64, error) {
 // Load loads the known hosts entries from the provided path.
 func (k *KnownHosts) Load(path string) error {
-	f, err := os.Open(path)
+	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
 		return err
 	}
 	f, err := os.OpenFile(path, os.O_CREATE|os.O_RDONLY, 0644)
 	if err != nil {
 		return err
 	}
@@ -133,6 +136,9 @@ func (k *KnownHosts) Parse(r io.Reader) error {
 		if err != nil {
 			continue
 		}
 		if h.Algorithm != "sha256" {
 			continue
 		}
 		k.hosts[h.Hostname] = h
 	}
@@ -143,22 +149,17 @@ func (k *KnownHosts) Parse(r io.Reader) error {
 // TOFU implements basic trust on first use.
 //
 // If the host is not on file, it is added to the list.
 // If the host on file is expired, a new entry is added to the list.
 // If the fingerprint does not match the one on file, an error is returned.
 func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error {
-	host := NewHost(hostname, cert.Raw, cert.NotAfter)
+	host := NewHost(hostname, cert.Raw)
 	knownHost, ok := k.Lookup(hostname)
-	if !ok || time.Now().After(knownHost.Expires) {
+	if !ok {
 		k.Add(host)
 		return nil
 	}
-
+	if host.Fingerprint != knownHost.Fingerprint {
 	// Check fingerprint
 	if !bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
 		return fmt.Errorf("fingerprint for %q does not match", hostname)
 	}
 	return nil
 }
@@ -266,21 +267,16 @@ func (p *PersistentHosts) Entries() []Host {
 // TOFU implements trust on first use with a persistent set of known hosts.
 //
 // If the host is not on file, it is added to the list.
 // If the host on file is expired, a new entry is added to the list.
 // If the fingerprint does not match the one on file, an error is returned.
 func (p *PersistentHosts) TOFU(hostname string, cert *x509.Certificate) error {
-	host := NewHost(hostname, cert.Raw, cert.NotAfter)
+	host := NewHost(hostname, cert.Raw)
 	knownHost, ok := p.Lookup(hostname)
-	if !ok || time.Now().After(knownHost.Expires) {
+	if !ok {
 		return p.Add(host)
 	}
-
+	if host.Fingerprint != knownHost.Fingerprint {
 	// Check fingerprint
 	if !bytes.Equal(knownHost.Fingerprint, host.Fingerprint) {
 		return fmt.Errorf("fingerprint for %q does not match", hostname)
 	}
 	return nil
 }
@@ -291,22 +287,20 @@ func (p *PersistentHosts) Close() error {
 // Host represents a host entry with a fingerprint using a certain algorithm.
 type Host struct {
-	Hostname    string      // hostname
+	Hostname    string // hostname
-	Algorithm   string      // fingerprint algorithm e.g. SHA-512
+	Algorithm   string // fingerprint algorithm e.g. sha256
-	Fingerprint Fingerprint // fingerprint
+	Fingerprint string // fingerprint
 	Expires     time.Time   // unix time of the fingerprint expiration date
 }
-// NewHost returns a new host with a SHA-512 fingerprint of
+// NewHost returns a new host with a SHA256 fingerprint of
 // the provided raw data.
-func NewHost(hostname string, raw []byte, expires time.Time) Host {
+func NewHost(hostname string, raw []byte) Host {
-	sum := sha512.Sum512(raw)
+	sum := sha256.Sum256(raw)
 	return Host{
 		Hostname:    hostname,
-		Algorithm:   "SHA-512",
+		Algorithm:   "sha256",
-		Fingerprint: sum[:],
+		Fingerprint: base64.StdEncoding.EncodeToString(sum[:]),
 		Expires:     expires,
 	}
 }
@@ -324,95 +318,19 @@ func (h Host) String() string {
 	b.WriteByte(' ')
 	b.WriteString(h.Algorithm)
 	b.WriteByte(' ')
-	b.WriteString(h.Fingerprint.String())
+	b.WriteString(h.Fingerprint)
 	b.WriteByte(' ')
 	b.WriteString(strconv.FormatInt(h.Expires.Unix(), 10))
 	return b.String()
 }
 // UnmarshalText unmarshals the host from the provided text.
 func (h *Host) UnmarshalText(text []byte) error {
 	const format = "hostname algorithm hex-fingerprint expiry-unix-ts"
 	parts := bytes.Split(text, []byte(" "))
-	if len(parts) != 4 {
+	if len(parts) != 3 {
-		return fmt.Errorf("expected the format %q", format)
+		return fmt.Errorf("expected the format 'hostname algorithm fingerprint'")
 	}
 	if len(parts[0]) == 0 {
 		return errors.New("empty hostname")
 	}
 	h.Hostname = string(parts[0])
-
+	h.Algorithm = string(parts[1])
-	algorithm := string(parts[1])
+	h.Fingerprint = string(parts[2])
 	if algorithm != "SHA-512" {
 		return fmt.Errorf("unsupported algorithm %q", algorithm)
 	}
 	h.Algorithm = algorithm
 	fingerprint := make([]byte, 0, sha512.Size)
 	scanner := bufio.NewScanner(bytes.NewReader(parts[2]))
 	scanner.Split(scanFingerprint)
 	for scanner.Scan() {
 		b, err := strconv.ParseUint(scanner.Text(), 16, 8)
 		if err != nil {
 			return fmt.Errorf("failed to parse fingerprint hash: %w", err)
 		}
 		fingerprint = append(fingerprint, byte(b))
 	}
 	if len(fingerprint) != sha512.Size {
 		return fmt.Errorf("invalid fingerprint size %d, expected %d",
 			len(fingerprint), sha512.Size)
 	}
 	h.Fingerprint = fingerprint
 	unix, err := strconv.ParseInt(string(parts[3]), 10, 0)
 	if err != nil {
 		return fmt.Errorf("invalid unix timestamp: %w", err)
 	}
 	h.Expires = time.Unix(unix, 0)
 	return nil
 }
 func scanFingerprint(data []byte, atEOF bool) (advance int, token []byte, err error) {
 	if atEOF && len(data) == 0 {
 		return 0, nil, nil
 	}
 	if i := bytes.IndexByte(data, ':'); i >= 0 {
 		// We have a full newline-terminated line.
 		return i + 1, data[0:i], nil
 	}
 	// If we're at EOF, we have a final, non-terminated hex byte
 	if atEOF {
 		return len(data), data, nil
 	}
 	// Request more data.
 	return 0, nil, nil
 }
 // Fingerprint represents a fingerprint.
 type Fingerprint []byte
 // String returns a string representation of the fingerprint.
 func (f Fingerprint) String() string {
 	var sb strings.Builder
 	for i, b := range f {
 		if i > 0 {
 			sb.WriteByte(':')
 		}
 		fmt.Fprintf(&sb, "%02X", b)
 	}
 	return sb.String()
 }
--- a/vendor.go
+++ b/vendor.go
@@ -1,212 +0,0 @@
 // Hostname verification code from the crypto/x509 package.
 // Modified to allow Common Names in the short term, until new certificates
 // can be issued with SANs.
 // Copyright 2011 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package gemini
 import (
 	"crypto/x509"
 	"net"
 	"strings"
 	"unicode/utf8"
 )
 var oidExtensionSubjectAltName = []int{2, 5, 29, 17}
 func hasSANExtension(c *x509.Certificate) bool {
 	for _, e := range c.Extensions {
 		if e.Id.Equal(oidExtensionSubjectAltName) {
 			return true
 		}
 	}
 	return false
 }
 func validHostnamePattern(host string) bool { return validHostname(host, true) }
 func validHostnameInput(host string) bool   { return validHostname(host, false) }
 // validHostname reports whether host is a valid hostname that can be matched or
 // matched against according to RFC 6125 2.2, with some leniency to accommodate
 // legacy values.
 func validHostname(host string, isPattern bool) bool {
 	if !isPattern {
 		host = strings.TrimSuffix(host, ".")
 	}
 	if len(host) == 0 {
 		return false
 	}
 	for i, part := range strings.Split(host, ".") {
 		if part == "" {
 			// Empty label.
 			return false
 		}
 		if isPattern && i == 0 && part == "*" {
 			// Only allow full left-most wildcards, as those are the only ones
 			// we match, and matching literal '*' characters is probably never
 			// the expected behavior.
 			continue
 		}
 		for j, c := range part {
 			if 'a' <= c && c <= 'z' {
 				continue
 			}
 			if '0' <= c && c <= '9' {
 				continue
 			}
 			if 'A' <= c && c <= 'Z' {
 				continue
 			}
 			if c == '-' && j != 0 {
 				continue
 			}
 			if c == '_' {
 				// Not a valid character in hostnames, but commonly
 				// found in deployments outside the WebPKI.
 				continue
 			}
 			return false
 		}
 	}
 	return true
 }
 // commonNameAsHostname reports whether the Common Name field should be
 // considered the hostname that the certificate is valid for. This is a legacy
 // behavior, disabled by default or if the Subject Alt Name extension is present.
 //
 // It applies the strict validHostname check to the Common Name field, so that
 // certificates without SANs can still be validated against CAs with name
 // constraints if there is no risk the CN would be matched as a hostname.
 // See NameConstraintsWithoutSANs and issue 24151.
 func commonNameAsHostname(c *x509.Certificate) bool {
 	return !hasSANExtension(c) && validHostnamePattern(c.Subject.CommonName)
 }
 func matchExactly(hostA, hostB string) bool {
 	if hostA == "" || hostA == "." || hostB == "" || hostB == "." {
 		return false
 	}
 	return toLowerCaseASCII(hostA) == toLowerCaseASCII(hostB)
 }
 func matchHostnames(pattern, host string) bool {
 	pattern = toLowerCaseASCII(pattern)
 	host = toLowerCaseASCII(strings.TrimSuffix(host, "."))
 	if len(pattern) == 0 || len(host) == 0 {
 		return false
 	}
 	patternParts := strings.Split(pattern, ".")
 	hostParts := strings.Split(host, ".")
 	if len(patternParts) != len(hostParts) {
 		return false
 	}
 	for i, patternPart := range patternParts {
 		if i == 0 && patternPart == "*" {
 			continue
 		}
 		if patternPart != hostParts[i] {
 			return false
 		}
 	}
 	return true
 }
 // toLowerCaseASCII returns a lower-case version of in. See RFC 6125 6.4.1. We use
 // an explicitly ASCII function to avoid any sharp corners resulting from
 // performing Unicode operations on DNS labels.
 func toLowerCaseASCII(in string) string {
 	// If the string is already lower-case then there's nothing to do.
 	isAlreadyLowerCase := true
 	for _, c := range in {
 		if c == utf8.RuneError {
 			// If we get a UTF-8 error then there might be
 			// upper-case ASCII bytes in the invalid sequence.
 			isAlreadyLowerCase = false
 			break
 		}
 		if 'A' <= c && c <= 'Z' {
 			isAlreadyLowerCase = false
 			break
 		}
 	}
 	if isAlreadyLowerCase {
 		return in
 	}
 	out := []byte(in)
 	for i, c := range out {
 		if 'A' <= c && c <= 'Z' {
 			out[i] += 'a' - 'A'
 		}
 	}
 	return string(out)
 }
 // verifyHostname returns nil if c is a valid certificate for the named host.
 // Otherwise it returns an error describing the mismatch.
 //
 // IP addresses can be optionally enclosed in square brackets and are checked
 // against the IPAddresses field. Other names are checked case insensitively
 // against the DNSNames field. If the names are valid hostnames, the certificate
 // fields can have a wildcard as the left-most label.
 //
 // The legacy Common Name field is ignored unless it's a valid hostname, the
 // certificate doesn't have any Subject Alternative Names, and the GODEBUG
 // environment variable is set to "x509ignoreCN=0". Support for Common Name is
 // deprecated will be entirely removed in the future.
 func verifyHostname(c *x509.Certificate, h string) error {
 	// IP addresses may be written in [ ].
 	candidateIP := h
 	if len(h) >= 3 && h[0] == '[' && h[len(h)-1] == ']' {
 		candidateIP = h[1 : len(h)-1]
 	}
 	if ip := net.ParseIP(candidateIP); ip != nil {
 		// We only match IP addresses against IP SANs.
 		// See RFC 6125, Appendix B.2.
 		for _, candidate := range c.IPAddresses {
 			if ip.Equal(candidate) {
 				return nil
 			}
 		}
 		return x509.HostnameError{c, candidateIP}
 	}
 	names := c.DNSNames
 	if commonNameAsHostname(c) {
 		names = []string{c.Subject.CommonName}
 	}
 	candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
 	validCandidateName := validHostnameInput(candidateName)
 	for _, match := range names {
 		// Ideally, we'd only match valid hostnames according to RFC 6125 like
 		// browsers (more or less) do, but in practice Go is used in a wider
 		// array of contexts and can't even assume DNS resolution. Instead,
 		// always allow perfect matches, and only apply wildcard and trailing
 		// dot processing to valid hostnames.
 		if validCandidateName && validHostnamePattern(match) {
 			if matchHostnames(match, candidateName) {
 				return nil
 			}
 		} else {
 			if matchExactly(match, candidateName) {
 				return nil
 			}
 		}
 	}
 	return x509.HostnameError{c, h}
 }
Author	SHA1	Message	Date
Sasha Koshka	4985bf0bc8	Add link to ogirinal in readme	2023-05-26 00:45:08 -04:00
Sasha Koshka	f6d3c47816	Export TLS & remove conn in request struct This makes it possible to fully create another request outside of this module (which Hnakra will need) and has better parity with net/http.	2023-05-26 00:38:12 -04:00
Sasha Koshka	24d70951c9	Change package URL in go.mod	2023-05-26 00:37:56 -04:00
Sasha Koshka	b436ec8cb5	Change import paths	2023-05-25 18:45:53 -04:00
Sasha Koshka	54f7209f13	Update readme	2023-05-25 18:27:52 -04:00
Adnan Maolood	b0f27c6f74	fs: Prevent invalid directory links A file with a name like "gemini:example" would previously result in the following invalid link: => gemini:example gemini:example Fix by prepending a "./" before each filename, so that the resulting link looks like: => ./gemini:example gemini:example	2022-05-07 13:54:56 -04:00
Yujiri	8c0af18617	Fix parsing of list item lines According to section 5.5.2 of the Gemini specification (v0.16.1), the space is mandatory.	2022-03-15 11:07:04 -04:00
Adnan Maolood	353416685a	doc: Fix Mux documentation	2022-02-16 12:01:55 -05:00
Adnan Maolood	0ceec22705	readme: Update Gemini specification version	2021-12-18 12:51:04 -05:00
Adnan Maolood	3d2110d90f	mux: Tweak documentation	2021-06-26 20:26:30 -04:00
Adnan Maolood	b5c47a5ef0	mux: Add more tests	2021-06-26 20:16:38 -04:00
Adnan Maolood	fb0d4d24bd	mux: Remove support for handling schemes Also fix redirection to subtree roots for wildcard patterns and patterns without a host name.	2021-06-26 18:50:09 -04:00
Adnan Maolood	1170e007d4	fs: Avoid equality check if lengths don't match	2021-04-21 12:48:27 -04:00
Adnan Maolood	c85759d777	fs: Improve redirect behavior	2021-04-21 12:41:56 -04:00
Adnan Maolood	507773618b	fs: Refactor	2021-04-21 12:18:52 -04:00
Adnan Maolood	3bc243dd66	fs: Remove ServeContent function	2021-04-21 11:41:40 -04:00
Adnan Maolood	de93d44786	LoggingMiddleware: Prevent writing empty meta	2021-04-21 11:38:34 -04:00
Adnan Maolood	eb32c32063	fs: Fix panic on indexing URL of zero length	2021-04-21 11:36:43 -04:00
Adnan Maolood	e5cf345273	Update README.md	2021-03-24 13:30:46 -04:00
Adnan Maolood	c68ce57488	mux: Add copyright notice	2021-03-24 13:09:53 -04:00
Adnan Maolood	2b161650fe	Split LICENSE into two files	2021-03-24 13:08:32 -04:00
Adnan Maolood	dbbef1fb6d	Revert "Require Go 1.16" This reverts commit `0e87d64ffc`.	2021-03-23 22:05:12 -04:00
Adnan Maolood	90518a01a8	Revert "Replace uses of ioutil with io" This reverts commit `19f1d6693e`.	2021-03-23 22:02:32 -04:00
Adnan Maolood	056e55abbb	response: Remove unnecessary length check	2021-03-20 18:29:40 -04:00
Adnan Maolood	72d437c82e	response: Limit response header size	2021-03-20 14:01:45 -04:00
Adnan Maolood	3dca29eb41	response: Don't use bufReadCloser	2021-03-20 13:41:53 -04:00
Adnan Maolood	a40b5dcd0b	fs: Fix empty media type for directory index pages	2021-03-20 13:33:15 -04:00
Adnan Maolood	fffe86680e	client: Only get cert if TrustCertificate is set	2021-03-20 12:54:41 -04:00
Adnan Maolood	d5af32e121	client: Close connection on error	2021-03-20 12:49:27 -04:00
Adnan Maolood	5141eaafaa	Tweak request and response parsing	2021-03-20 12:27:20 -04:00
Adnan Maolood	e5c0afa013	response: Treat empty meta as invalid	2021-03-20 12:07:24 -04:00
Adnan Maolood	4c7c200f92	Remove unused field	2021-03-20 12:05:21 -04:00
Adnan Maolood	0a709da439	Remove charset=utf-8 from default media type	2021-03-20 12:04:42 -04:00
Adnan Maolood	1fdef9b608	Rename ServeMux to Mux	2021-03-15 15:44:35 -04:00
Adnan Maolood	2144e2c2f2	status: Reintroduce StatusSensitiveInput	2021-03-15 15:19:43 -04:00
Adnan Maolood	93a606b591	certificate.Store: Call os.MkdirAll on Load	2021-03-09 08:59:28 -05:00
Adnan Maolood	b00794f236	tofu: Use stricter file permissions	2021-03-09 08:58:36 -05:00
Noah Kleiner	3da7fe7cee	tofu: Create path if not exists This commit is a follow-up to `56774408` which does not take into account the case that the parent directory of the known_hosts file does not already exist.	2021-03-09 08:50:42 -05:00
Adnan Maolood	dea7600f29	Remove StatusSensitiveInput	2021-03-08 14:08:45 -05:00
Adnan Maolood	7d958a4798	examples/client: Fix certificate trust check	2021-03-08 14:07:18 -05:00
Adnan Maolood	a5493b708a	tofu: Fix known host unmarshaling	2021-03-06 15:49:11 -05:00
Adnan Maolood	6e5c2473e7	tofu: Use base64-encoded sha256 fingerprints	2021-03-06 15:24:15 -05:00
Adnan Maolood	c639233ea1	tofu: Fix format in error message	2021-03-06 15:13:06 -05:00
Adnan Maolood	5677440876	tofu: Automatically create file in KnownHosts.Load	2021-03-06 15:11:30 -05:00
Adnan Maolood	be3d09d7f4	certificate.Store: Don't call os.MkdirAll	2021-03-06 13:11:11 -05:00
Adnan Maolood	504da9afd8	certificate.Store: Don't check parent scopes in Lookup Limit the scopes of client certificates to hostnames only instead of hostnames and paths.	2021-03-06 12:59:33 -05:00
Adnan Maolood	d1cb8967b6	certificate.Store: Make 100 years the default duration	2021-03-05 23:29:56 -05:00
Adnan Maolood	107b3a1785	Move LoggingMiddleware out of examples/server.go	2021-03-05 11:35:01 -05:00
Adnan Maolood	e7a06a12bf	certificate.Store: Clean scope path in Load Clean the scope path so that trimming the path from the scope works for relative paths.	2021-03-05 10:51:55 -05:00
Adnan Maolood	649b20659b	Revert "certificate: Remove Subject from CreateOptions" This reverts commit `ce649ecc66`.	2021-03-04 20:04:46 -05:00
Adnan Maolood	c9e2af98f3	Revert "certificate.Store: Allow using '*' in DNSNames" This reverts commit `de0b93a4f6`.	2021-03-04 19:26:13 -05:00
Adnan Maolood	d6d02e398e	certificate.Store: Bump default duration to 250 years	2021-03-04 16:55:09 -05:00
Adnan Maolood	de0b93a4f6	certificate.Store: Allow using '*' in DNSNames This isn't exactly a valid DNSName, but it reduces the number of certificates that need to be created. Clients should either accept it or skip checking DNSNames.	2021-03-04 16:40:25 -05:00
Adnan Maolood	ce649ecc66	certificate: Remove Subject from CreateOptions	2021-03-04 16:27:16 -05:00
Adnan Maolood	688e7e2823	certificate: Fix deadlock in Store.Get	2021-03-04 16:20:57 -05:00
Adnan Maolood	b38311da00	certificate.Store: Fix hostname registration check	2021-03-04 16:12:36 -05:00
Adnan Maolood	8e2ac24830	tofu: Remove expiration timestamp from known hosts	2021-03-04 15:37:02 -05:00
Adnan Maolood	bfa3356d3a	client: Remove hostname verification check	2021-03-04 14:36:31 -05:00
Adnan Maolood	9f3564936e	client: Ignore certificate expiration time	2021-03-04 14:35:51 -05:00
Adnan Maolood	d8fb072826	Rename vendor.go to verify_hostname.go	2021-02-28 23:21:10 -05:00
Adnan Maolood	69f0913b3d	Make Response implement io.WriterTo	2021-02-28 22:21:54 -05:00
Adnan Maolood	f7012b38da	Request.WriteTo: return int64	2021-02-28 22:20:59 -05:00
Adnan Maolood	768ec6c17b	Make Request implement io.WriterTo	2021-02-28 22:16:38 -05:00
Adnan Maolood	ae7d58549d	Add message argument to TimeoutHandler	2021-02-28 22:07:24 -05:00
Adnan Maolood	ad5d78f08f	Mention that Request methods don't work for clients	2021-02-28 21:59:19 -05:00
Adnan Maolood	4b92c71839	Remove Request.RemoteAddr helper method	2021-02-28 21:52:41 -05:00
Adnan Maolood	19f1d6693e	Replace uses of ioutil with io	2021-02-28 21:38:36 -05:00
Adnan Maolood	0e87d64ffc	Require Go 1.16	2021-02-28 21:38:17 -05:00
Adnan Maolood	845f8e9bd1	Reintroduce Response.Write method	2021-02-28 20:50:18 -05:00
Adnan Maolood	cf9ab18c1f	certificate.Store: Check parent scopes in Lookup	2021-02-28 20:23:32 -05:00
Adnan Maolood	ada42ff427	certificate.Store: Support client certificates	2021-02-28 19:29:25 -05:00
Adnan Maolood	fcc71b76d9	examples/server: Clean up LoggingMiddleware	2021-02-27 14:53:37 -05:00
Adnan Maolood	6a1ccdc644	response: Add tests for maximum-length META	2021-02-27 14:08:31 -05:00
Adnan Maolood	f156be19b4	request: Add RemoteAddr helper function	2021-02-27 14:03:33 -05:00
Adnan Maolood	82bdffc1eb	request: Add ServerName helper method	2021-02-27 14:02:30 -05:00
Adnan Maolood	a396ec77e4	request: Cache calls to TLS	2021-02-27 13:59:45 -05:00
Adnan Maolood	21ad3a2ded	server: Disallow ServeConn usage after Shutdown	2021-02-24 19:25:52 -05:00
Adnan Maolood	2d7f28e152	Update examples/client.go	2021-02-24 19:21:31 -05:00
Adnan Maolood	1764e02d1e	Remove ResponseWriter.Close method	2021-02-24 19:00:09 -05:00
Adnan Maolood	1bc5c68c3f	response: Revert to using fields instead of methods	2021-02-24 18:50:40 -05:00
Adnan Maolood	867074d81b	examples/client: Fix display of response status	2021-02-24 16:16:42 -05:00
Adnan Maolood	1da23ba07b	Revert "Replace uses of ioutil with io" This reverts commit `48c67bcead`.	2021-02-24 14:45:57 -05:00
Adnan Maolood	cbfbeb6c22	Don't require Go 1.16	2021-02-24 14:29:29 -05:00
Adnan Maolood	c3418fdfed	Add missing import	2021-02-24 14:28:47 -05:00
Adnan Maolood	6181751e8d	Move mimetype registration to gemini.go	2021-02-24 14:27:49 -05:00
Adnan Maolood	48c67bcead	Replace uses of ioutil with io	2021-02-24 11:11:10 -05:00
Adnan Maolood	25f441f573	fs: Remove build constraint	2021-02-24 11:01:02 -05:00
Adnan Maolood	cb7879c966	Add NewResponse function	2021-02-24 10:48:17 -05:00
Adnan Maolood	19bfca1cc3	examples/server: Cancel context	2021-02-24 10:27:28 -05:00
Adnan Maolood	991b18d526	examples/server: Add logging middleware	2021-02-24 10:25:08 -05:00
Adnan Maolood	b66b287f94	ResponseWriter: Remove unexported method	2021-02-24 10:01:46 -05:00
Adnan Maolood	bd29d76f66	client: Fix copying of request	2021-02-24 09:48:23 -05:00
Adnan Maolood	1d20a6c3c8	examples/client: Use Response methods	2021-02-24 09:22:25 -05:00
Adnan Maolood	6f46b2fa47	examples/auth: Use Request.TLS method	2021-02-24 09:22:01 -05:00
Adnan Maolood	15385e3095	fs: Fix Go build constraint comment	2021-02-24 09:00:28 -05:00
Adnan Maolood	3101856afa	response: Move to methods	2021-02-24 08:43:57 -05:00
Adnan Maolood	094c16297b	server: Fix comment	2021-02-24 08:38:08 -05:00
Adnan Maolood	08f5ddd41a	TimeoutHandler: Mention returned error	2021-02-24 08:37:52 -05:00
Adnan Maolood	41c95add81	Add unexported method to timeout writer	2021-02-24 08:34:26 -05:00
Adnan Maolood	de339490f4	Move ResponseWriter Conn and TLS methods to Request	2021-02-24 08:24:49 -05:00
Adnan Maolood	b488146cc6	Remove ResponseWriter.Hijack method	2021-02-24 08:22:12 -05:00
Adnan Maolood	069b473c28	Implement TimeoutHandler by wrapping ResponseWriter	2021-02-24 08:18:23 -05:00
Kaleb Elwert	2c2d74bcb2	Only use fs.go when fs.FS is available	2021-02-24 07:41:53 -05:00
Adnan Maolood	3660698a4b	Make ResponseWriter an interface Make ResponseWriter an interface with an unexported method. Implementors must embed a ResponseWriter from elsewhere. This gives us the flexibility of an interface while allowing us to add new methods in the future.	2021-02-24 00:13:46 -05:00
Adnan Maolood	526d232ab0	Remove ErrHandlerTimeout	2021-02-23 22:15:19 -05:00
Adnan Maolood	f08efa330f	Move TimeoutHandler to handler.go	2021-02-23 22:12:04 -05:00
Adnan Maolood	310bd16344	Unexport NewResponseWriter	2021-02-23 22:02:47 -05:00
Adnan Maolood	9eae88f00c	Reimplement TimeoutHandler	2021-02-23 21:59:16 -05:00
Adnan Maolood	b386a9ba41	response: Change field names	2021-02-23 21:51:42 -05:00
Adnan Maolood	f28a63ff0c	Add ResponseWriter.Hijack method	2021-02-23 21:36:29 -05:00
Adnan Maolood	d35dd3d867	ResponseWriter: Add TLS and Conn methods	2021-02-23 20:59:04 -05:00
Adnan Maolood	75abb99518	request: Remove TLS and Conn methods	2021-02-23 20:57:53 -05:00
Adnan Maolood	e8d98ef4ec	Move I/O utilities to io.go	2021-02-23 20:49:55 -05:00
Adnan Maolood	a65c3c3d4f	Make ResponseWriter a struct Make ResponseWriter a struct again so that it can be extended in a backwards-compatible way.	2021-02-23 20:41:16 -05:00
Adnan Maolood	64f9381bbc	handler: Mention when the context is canceled	2021-02-23 19:01:12 -05:00
Adnan Maolood	a34cf6dd1b	handler: Mention ResponseWriter.Close method	2021-02-23 18:59:20 -05:00
Adnan Maolood	b3e8d9ccf3	client: Clarify usage of contexts	2021-02-23 18:56:18 -05:00
Adnan Maolood	a7c449a3cf	Use HandlerFunc to implement StatusHandler	2021-02-23 18:52:00 -05:00
Adnan Maolood	02bbedc330	Update documentation	2021-02-23 18:45:58 -05:00
Adnan Maolood	5cf936d304	Update documentation	2021-02-23 17:52:47 -05:00
Adnan Maolood	f1f933925c	Update examples/client.go	2021-02-23 17:52:34 -05:00
Adnan Maolood	e1c04ee605	Make Response an io.ReadCloser	2021-02-23 17:50:47 -05:00
Adnan Maolood	ae3fc2fc73	response: Add Close method	2021-02-23 17:32:23 -05:00
Adnan Maolood	311233a012	request: Fix documentation for TLS	2021-02-23 17:30:46 -05:00
Adnan Maolood	c688defefd	request: Add Conn and TLS methods	2021-02-23 17:29:50 -05:00
Adnan Maolood	83c904913f	response: Add Conn and TLS methods	2021-02-23 16:36:17 -05:00
Adnan Maolood	833edaf63d	server: Cancel context on IO errors	2021-02-23 16:06:57 -05:00
Adnan Maolood	d07e9d99d1	client: Move context handling to do	2021-02-23 16:01:29 -05:00
Adnan Maolood	31e16d5a4c	examples/client: Stream response body	2021-02-23 15:56:44 -05:00
Adnan Maolood	9974071657	client: Cancel context on IO errors Also close the connection when the context expires.	2021-02-23 15:52:47 -05:00
Adnan Maolood	09e3393e4c	examples/stream: Simplify	2021-02-23 15:31:41 -05:00
Adnan Maolood	1aa85d0683	timeout: Don't recover from panics	2021-02-23 15:30:44 -05:00
Adnan Maolood	62e22b4cf2	response: Remove TLS field	2021-02-23 15:29:27 -05:00
Adnan Maolood	eee7156b3a	Update documentation	2021-02-23 14:29:37 -05:00
Adnan Maolood	d8b5fa716a	client: Use present tense in documentation	2021-02-23 12:21:05 -05:00