
twins fails the close_notify test while Gemini Portal shows passing

Open tslocum opened this issue 5 years ago • 3 comments

twins: https://gitlab.com/tslocum/twins

Gemini Portal claims close_notify is sent, while gemini-diagnostics does not:

[TLSCloseNotify] Server should send a close_notify alert before closing the connection
Checking for close_notify TLS signal
Request URL
  'gemini://twins.rocketnine.space/\r\n'
Response header
  '20 text/gemini; charset=utf-8; size=1370; cache=43200\r\n'
  x TLS close_notify signal was not received

Go programs send close_notify when closing a connection. I believe this is an issue in gemini-diagnostics.

tslocum, Nov 19 '20 17:11

Hmm..

[TLSCloseNotify] Server should send a close_notify alert before closing the connection
Checking for close_notify TLS signal
Request URL
  'gemini://twins.rocketnine.space/\r\n'
Response header
  '20 text/gemini; charset=utf-8; size=1370; cache=43200\r\n'
  ✓ TLS close_notify signal was received successfully

I copied the code directly from the web portal to this script, so I promise it's the same 😄.

If anything, there might be something funky with the client Python/OpenSSL version causing this. From my OS, it appears to be negotiating TLSv1.3 with your server, which looks good.

[TLSVersion] Server must negotiate at least TLS v1.2, ideally TLS v1.3
Checking client library
  'OpenSSL 1.1.1g  21 Apr 2020'
Determining highest supported TLS version
  ✓ Negotiated TLSv1.3

michael-lazar, Nov 19 '20 18:11

Thanks. I'm using OpenSSL 1.1.1g on Gentoo:

[ebuild   R    ] dev-libs/openssl-1.1.1g:0/1.1::gentoo  USE="asm zlib -bindist -rfc3779 -sctp -sslv3 -static-libs -test -tls-heartbeat -vanilla" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="(sse2)" 0 KiB

Glad to share more info if it's helpful, just let me know what I can do.

tslocum, Nov 19 '20 19:11

The same thing is happening with gmid. The portal says that I'm sending it, and I'm sure I do, but when I test locally it fails.

[TLSVersion] Server must negotiate at least TLS v1.2, ideally TLS v1.3
Checking client library
  'LibreSSL 3.3.1'
Determining highest supported TLS version
  ✓ Negotiated TLSv1.3

[...]

[TLSCloseNotify] Server should send a close_notify alert before closing the connection
Checking for close_notify TLS signal
Request URL
  'gemini://localhost/\r\n'
Response header
  '20 text/gemini; lang=en\r\n'
  x TLS close_notify signal was not received

I tested both against a local instance and across a LAN, same result. All tests ran on OpenBSD-CURRENT.

omar-polo, Jan 31 '21 11:01