👧 gurl
A Gemini command line interface similar to curl written in Zig.
Project State
- [x] Successful TLS 1.2 handshake
- [x] Successful GET request header exchange
- [x] Successful body download
- [x] header parsing
- [x] URL parser
- [x] DNS resolving
- [ ] MIME parsing
- [ ] All of the correct heading handling
- [x] Follow absolute redirects
- [ ] Follow relative redirects
- [ ] Pretty-printing and guidance messages for failed requests
- [ ] TOFU (trust on first use) for SSL connections
  - [x] Implement primitive TOFU (store public key, not certificate)
  - [ ] Implement correct TOFU (trust on first use) for SSL connections
- [ ] Client certificates
  - [ ] temporary cert
  - [ ] permanent cert
- [x] Use XDG directories
- [ ] Implement Windows port
  - [x] Port zig-network to Windows
  - [x] Implement correct config directory locating for Windows
  - [ ] Trust Anchor support for Windows
Dependencies
Build Instructions
- Refresh submodules (`git submodule init`, `git submodule update`)
- Build gurl (`zig build`)
- Run `./zig-cache/bin/gurl`
Design Considerations
Give the user control over their system and make configuration easy.
Certificate Trust
- accept any certificate
- auto-accept the cert on first use (TOFU)
- use CAs or ask user on first sight (TOFU+CA)
- always ask on first sight (interactive TOFU)
- auto-accept when first seen in a session (TOFU, no disk usage)
- always ask when first seen in a session (interactive TOFU, no disk usage)
Future Plans
Correctly adhere to XDG standards and use xdg-open
TOFU Notes
The current implementation stores only the public key of the server,
not the certificate with its fingerprint and the rest of its metadata.
That certificate's fingerprint and expiry date are saved in a
persistent database (like the .known_hosts file for SSH), associated
with the server's hostname.
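
A sketch of the certificate-based store described above, as an added example in Python rather than gurl's own Zig code. The `TofuStore` class, the JSON file layout, the verdict names and the rule that an expired pin may be replaced are assumptions made for illustration; the caller is assumed to have already extracted the certificate's expiry date.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the whole DER certificate, not only the public key."""
    return hashlib.sha256(cert_der).hexdigest()


class TofuStore:
    """Hypothetical known-hosts database: hostname -> fingerprint + expiry."""

    def __init__(self, path: Path):
        self.path = path
        self.hosts = json.loads(path.read_text()) if path.exists() else {}

    def check(self, host: str, cert_der: bytes, not_after: datetime,
              now: datetime) -> str:
        """Return 'first-use', 'match', 'renewed' or 'mismatch'."""
        key, fp = host.lower(), fingerprint(cert_der)
        pinned = self.hosts.get(key)
        if pinned is None:
            verdict = "first-use"          # nothing stored yet: pin it
        elif pinned["fingerprint"] == fp:
            return "match"
        elif datetime.fromisoformat(pinned["not_after"]) < now:
            verdict = "renewed"            # assumed policy: expired pin may be replaced
        else:
            return "mismatch"              # pin still valid, cert changed: keep old pin
        self.hosts[key] = {"fingerprint": fp, "not_after": not_after.isoformat()}
        self.path.write_text(json.dumps(self.hosts, indent=2))
        return verdict


if __name__ == "__main__":
    # Constructed placeholder bytes stand in for real DER certificates.
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = TofuStore(Path(tempfile.mkdtemp()) / "known_hosts.json")
    for cert in (b"cert-A", b"cert-A", b"cert-B"):
        print(store.check("example.org", cert, now + timedelta(days=30), now))
```

A `mismatch` verdict is where an interactive mode would ask the user; the stored pin is left untouched until the user decides.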
Client Certificate Process
- Wait for specification update
Tools
Connect with OpenSSL:
openssl s_client -connect domain.name:1965 -quiet -verify_quiet
Dump DER certificate information:
openssl x509 -in trust-store/mozz.us/cert-1.der -inform der -text
Convert DER to PEM:
openssl x509 -inform der -in trust-store/gemini.conman.org/cert-0.der -out conman.pem