<feed xmlns='http://www.w3.org/2005/Atom'>
<title>gmnisrv, branch main</title>
<subtitle>Fork of gmnisrv (Gemini server): full CA certificate chain (Lets Encrypt), TLS 1.3 only, handshake buffer-overflow fix
</subtitle>
<id>https://git.virebent.art/virebent/gmnisrv/atom?h=main</id>
<link rel='self' href='https://git.virebent.art/virebent/gmnisrv/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/'/>
<updated>2026-06-26T17:20:00+00:00</updated>
<entry>
<title>Serve CA full chain (Let's Encrypt), TLS 1.3, fix handshake buffer overflow</title>
<updated>2026-06-26T17:20:00+00:00</updated>
<author>
<name>Gab Virebent</name>
<email>gab@virebent.art</email>
</author>
<published>2026-06-26T17:20:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=fb48d1308d2f63f8e9b23c5d1d921783fa0dacbe'/>
<id>urn:sha1:fb48d1308d2f63f8e9b23c5d1d921783fa0dacbe</id>
<content type='text'>
- tls.c/config.h: read full PEM chain into STACK_OF(X509), send via SSL_set1_chain
- tls.c: minimum protocol TLS 1.2 -&gt; TLS 1.3
- server.c: drain handshake output via local buffer loop instead of staging
  into the fixed 4 KB client buffer (a full CA chain overflowed it -&gt; assert)
- FORK.md: describe the fork
</content>
</entry>
<entry>
<title>README.md: add maintenance notice</title>
<updated>2023-01-16T12:33:40+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2023-01-16T12:33:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=41c4bfecc770ea7c914e845e4ac3792cb4a473d3'/>
<id>urn:sha1:41c4bfecc770ea7c914e845e4ac3792cb4a473d3</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Close some files when too many are open</title>
<updated>2022-12-19T11:02:08+00:00</updated>
<author>
<name>Remy Noulin</name>
<email>loader2x@gmail.com</email>
</author>
<published>2022-11-22T07:03:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=95138564acbc347c0a5f4f86d9280e3ab1484fd2'/>
<id>urn:sha1:95138564acbc347c0a5f4f86d9280e3ab1484fd2</id>
<content type='text'>
</content>
</entry>
<entry>
<title>notify clients about malformed requests</title>
<updated>2022-08-15T13:50:27+00:00</updated>
<author>
<name>Julian Maingot</name>
<email>julianmaingot@gmail.com</email>
</author>
<published>2022-07-31T00:24:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=132f2ececc012cf4744ca5b8044fb637fed96a0c'/>
<id>urn:sha1:132f2ececc012cf4744ca5b8044fb637fed96a0c</id>
<content type='text'>
I think this has been broken for a while and I came across it while
implementing my own client. The server should notify the client that the
request is malformed but wasn't sending the response when SSL_read
returned SSL_ERROR_WANT_READ.
</content>
</entry>
<entry>
<title>serve: make hostname matching case-insensitive</title>
<updated>2021-11-15T20:07:23+00:00</updated>
<author>
<name>William Casarin</name>
<email>jb55@jb55.com</email>
</author>
<published>2021-11-15T18:25:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=1925bc3e7a131dfcb1c6152c80675deb2a067020'/>
<id>urn:sha1:1925bc3e7a131dfcb1c6152c80675deb2a067020</id>
<content type='text'>
Reported-by: James Tomasino &lt;james@tomasino.org&gt;
Signed-off-by: William Casarin &lt;jb55@jb55.com&gt;
</content>
</entry>
<entry>
<title>set session id context</title>
<updated>2021-08-27T07:48:07+00:00</updated>
<author>
<name>mbays</name>
<email>mbays@sdf.org</email>
</author>
<published>2021-08-26T16:52:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=57835017523fbd269594bb63c2628017e11eb423'/>
<id>urn:sha1:57835017523fbd269594bb63c2628017e11eb423</id>
<content type='text'>
This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
</content>
</entry>
<entry>
<title>Check index before serving autoindex</title>
<updated>2021-06-21T12:42:29+00:00</updated>
<author>
<name>Karmanyaah Malhotra</name>
<email>karmanyaahm@gmail.com</email>
</author>
<published>2021-06-21T07:53:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=32854b79c73b278bf33eb5123abf1c36abdc7c01'/>
<id>urn:sha1:32854b79c73b278bf33eb5123abf1c36abdc7c01</id>
<content type='text'>
if a directory is being served.
</content>
</entry>
<entry>
<title>Support REMOTE_USER in CGI</title>
<updated>2021-06-17T13:52:50+00:00</updated>
<author>
<name>dece</name>
<email>shgck@pistache.land</email>
</author>
<published>2021-06-17T11:25:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=9f2481dcdf60387e57cfe357bc8d04997c967e57'/>
<id>urn:sha1:9f2481dcdf60387e57cfe357bc8d04997c967e57</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Support TLS_CLIENT_SERIAL_NUMBER in CGI</title>
<updated>2021-06-17T13:52:50+00:00</updated>
<author>
<name>dece</name>
<email>shgck@pistache.land</email>
</author>
<published>2021-06-17T11:25:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=d7bd3c6a0db4c79f244d8880d86a899eb0f8ca01'/>
<id>urn:sha1:d7bd3c6a0db4c79f244d8880d86a899eb0f8ca01</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Use strncpy to build TLS_CLIENT_HASH</title>
<updated>2021-06-17T13:52:49+00:00</updated>
<author>
<name>dece</name>
<email>shgck@pistache.land</email>
</author>
<published>2021-06-17T11:25:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=0bf3cde2a0a5554651867ade37daafcea49c9409'/>
<id>urn:sha1:0bf3cde2a0a5554651867ade37daafcea49c9409</id>
<content type='text'>
strncat on an uninitialized array leads to issues.
</content>
</entry>
</feed>
