makew0rld / amfora

A fancy terminal browser for the Gemini protocol.
GNU General Public License v3.0

Agena proxy problem #320

Closed gregory3321 closed 2 years ago

gregory3321 commented 2 years ago

Amfora version: 1.9.2

Linux klamot 5.18.11-hardened1-1-hardened #1 SMP PREEMPT_DYNAMIC Wed, 13 Jul 2022 05:20:06 +0000 x86_64 GNU/Linux

If I open a gopher link over the Agena proxy, Amfora gives an error:

"Failed to connect to the server: hostname does not verify: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs."

At the same time, the Agena proxy:

```
Exception occurred during processing of request from ('127.0.0.1', 33446)
Traceback (most recent call last):
  File "/usr/lib/python3.10/socketserver.py", line 316, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python3.10/socketserver.py", line 347, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python3.10/socketserver.py", line 360, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.10/socketserver.py", line 747, in __init__
    self.handle()
  File "/home/tux/.local/bin/agena.py", line 35, in handle
    self.send_gemini_header(50, "Agena only proxies to gopher resources.")
  File "/home/tux/.local/bin/agena.py", line 64, in send_gemini_header
    self.request.send("{} {}\r\n".format(status, meta).encode("UTF-8"))
  File "/usr/lib/python3.10/ssl.py", line 1206, in send
    return self._sslobj.write(data)
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2396)
```

With av98, the proxy works fine.

makew0rld commented 2 years ago

It sounds like the certificate you've generated for Agena is invalid. TLS certificates for IP addresses can't just contain the IP address in the Common Name field; it has to be in another area, I guess the "IP SAN". If you look into how to generate certificates for IP addresses, you'll find more info on this.

I suspect AV-98 is just less strict about cert parsing/handling.