👧 gurl

A Gemini command line interface similar to curl written in Zig.

Project State

• [x] Successful TLS 1.2 handshake
• [x] Successful GET request header exchange
• [x] Successful body download
• [x] header parsing
• [x] URL parser
• [x] DNS resolving
• [ ] MIME parsing
• [ ] All of the correct heading handling
  • [x] Follow absolute redirects
  • [ ] Follow relative redirects
  • [ ] Pretty-printing and guidance messages for failed requests
• [ ] TOFU (trust on first use) for SSL connections
  • [x] Implement primitive TOFU (store public key, not certificate)
  • [ ] Implement correct TOFU (trust on first use) for SSL connections
• [ ] Client certificates
  • [ ] temporary cert
  • [ ] permanent cert
• [x] Use XDG directories
• [ ] Implement windows port
  • [x] Port zig-network to windows
  • [x] Implement correct config directory locating for windows
  • [ ] Trust Anchor support for windows

Dependencies

• Zig 0.6.0 or newer
• BearSSL (provided as submodule)
• zig-network (provided as submodule)

Build Instructions

1. Refresh submodules (git submodule init, git submodule update)
2. Build gurl (zig build)
3. Run ./zig-cache/bin/gurl

Design Considerations

Give the user control over their system and make configuration easy.

Certificate Trust

• accept any certificate
• auto-accept the cert on first use (TOFU)
• use CAs or ask user on first sight (TOFU+CA)
• always ask on first sight (interactive TOFU)
• auto-accept when first seen in a session (TOFU, no disk usage)
• always ask when first seen in a session (interactive TOFU, no disk usage)

Future Plans

Correctly adhere to XDG standards and use xdg-open

TOFU Notes

Current implementation just stores the public key of the server and not the certificate with fingerprint and everything

That certificate's fingerprint and expiry date are saved in a persistent database (like the .known_hosts file for SSH), associated with the server's hostname.

Client Certificate Process

• Wait for specification update

Tools

Connect with OpenSSL:

openssl s_client --connect domain.name -quiet -verify_quiet

Dump DER certificate information:

openssl x509 -in trust-store/mozz.us/cert-1.der -inform der -text

Convert DER to PEM:

openssl x509 -inform der -in trust-store/gemini.conman.org/cert-0.der -out conman.pem