sashakoshka/go-gemini
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Fork of go-gemini
27 Commits 1 Branch 31 Tags 582 KiB
Go 100%
99b50e6caf
Go to file
adnano 99b50e6caf Sort ServeMux entries by length
2020-09-25 11:00:18 -04:00
examples Sort ServeMux entries by length 2020-09-25 11:00:18 -04:00
gemini.go Sort ServeMux entries by length 2020-09-25 11:00:18 -04:00
go.mod Initial commit 2020-09-21 15:49:09 -04:00
LICENSE Add LICENSE 2020-09-21 15:55:27 -04:00
README.md Update README.md 2020-09-25 10:09:41 -04:00

README.md

go-gemini

GoDoc

go-gemini implements the Gemini protocol in Go.

It aims to provide an API similar to that of net/http to make it easy to develop Gemini clients and servers.

Examples

See examples/client and examples/server for an example client and server.

To run the examples:

go run -tags=example ./examples/server

Overview

A quick overview of the Gemini protocol:

  1. Client opens connection
  2. Server accepts connection
  3. Client and server complete a TLS handshake
  4. Client validates server certificate
  5. Client sends request
  6. Server sends response header
  7. Server sends response body (only for successful responses)
  8. Server closes connection
  9. Client handles response

The way this is implemented in this package is like so:

  1. Client makes a request with NewRequest. The client can verify server certificates in the Request options, see Recommended TLS configuration.
  2. Server recieves the request and constructs a response. The server calls the Serve(*ResponseWriter, *Request) method on the Handler field. The handler writes the response. The server then closes the connection.
  3. Client recieves the response as a *Response. The client then handles the response. The client can now verify the certificate of the server using a Trust-On-First-Use method.

Recommended TLS configuration

For clients, the recommended TLS configuration is as follows:

// Accept self-signed server certificates
req.TLSConfig.InsecureSkipVerify = true
// Manually verify server certificates, using TOFU
req.TLSConfig.VerifyPeerCertificate = func(rawCerts [][]byte, chains [][]*x509.Certificate) error {
	// Verify the server certificate here
	// Return an error on failure, or nil on success
	return nil
}

Note that gemini.Get does not verify server certificates.

For servers, the recommended TLS configuration is as follows:

// Specify a certificate
// To load a certificate, use `tls.LoadX509KeyPair`.
srv.TLSConfig.Certificates = append(srv.TLSConfig.Certificates, cert)
// Request client certificates
srv.TLSConfig.ClientAuth = tls.RequestClientCert