<feed xmlns='http://www.w3.org/2005/Atom'>
<title>gmnisrv/include/config.h, branch main</title>
<subtitle>Fork of gmnisrv (Gemini server): full CA certificate chain (Lets Encrypt), TLS 1.3 only, handshake buffer-overflow fix
</subtitle>
<id>https://git.virebent.art/virebent/gmnisrv/atom?h=main</id>
<link rel='self' href='https://git.virebent.art/virebent/gmnisrv/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/'/>
<updated>2026-06-26T17:20:00+00:00</updated>
<entry>
<title>Serve CA full chain (Let's Encrypt), TLS 1.3, fix handshake buffer overflow</title>
<updated>2026-06-26T17:20:00+00:00</updated>
<author>
<name>Gab Virebent</name>
<email>gab@virebent.art</email>
</author>
<published>2026-06-26T17:20:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=fb48d1308d2f63f8e9b23c5d1d921783fa0dacbe'/>
<id>urn:sha1:fb48d1308d2f63f8e9b23c5d1d921783fa0dacbe</id>
<content type='text'>
- tls.c/config.h: read full PEM chain into STACK_OF(X509), send via SSL_set1_chain
- tls.c: minimum protocol TLS 1.2 -&gt; TLS 1.3
- server.c: drain handshake output via local buffer loop instead of staging
  into the fixed 4 KB client buffer (a full CA chain overflowed it -&gt; assert)
- FORK.md: describe the fork
</content>
</entry>
<entry>
<title>implement handling of ROUTE_EXACT definitions</title>
<updated>2021-01-29T13:55:43+00:00</updated>
<author>
<name>René Wagner</name>
<email>rwagner@rw-net.de</email>
</author>
<published>2021-01-27T19:57:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=32913c35cd5f36b00056d3e239c0e85f1f0ed000'/>
<id>urn:sha1:32913c35cd5f36b00056d3e239c0e85f1f0ed000</id>
<content type='text'>
This patchset implements the handling of exact routes
as described in gmnisrvini(5).
</content>
</entry>
<entry>
<title>Implement URL rewrites with regex capture groups</title>
<updated>2020-11-01T16:19:51+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2020-11-01T16:19:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=dc6e4e80c0b0a3950594e32db7cff1b2db24d75c'/>
<id>urn:sha1:dc6e4e80c0b0a3950594e32db7cff1b2db24d75c</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Initial pass on regex routing support</title>
<updated>2020-10-30T02:47:56+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2020-10-30T02:47:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=7e8a9537949f298eef026f6b97b8c349a9b56ea0'/>
<id>urn:sha1:7e8a9537949f298eef026f6b97b8c349a9b56ea0</id>
<content type='text'>
All this does is parse the regexes out of the config file.

I've vendored libregexp from Bellard's quickjs project, because it's
reasonably small and self-contained, and POSIX regexes don't support
captures. We're eventually going to want captures for URL rewrites, so
this'll do for now.
</content>
</entry>
<entry>
<title>Initial support for CGI scripts</title>
<updated>2020-10-26T03:16:50+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2020-10-26T03:16:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=cc1bd152e30e14827d2a002fef99384f418c22ab'/>
<id>urn:sha1:cc1bd152e30e14827d2a002fef99384f418c22ab</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Initial implementation of a routing table</title>
<updated>2020-10-26T01:46:01+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2020-10-26T01:46:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=8baeb5a51c4dfa03956887ade2ef77295f17c95e'/>
<id>urn:sha1:8baeb5a51c4dfa03956887ade2ef77295f17c95e</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Remove [:tls] email directive</title>
<updated>2020-09-26T20:41:11+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2020-09-26T20:41:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=fc036335eb8d32ad991874aac364752b68a43a24'/>
<id>urn:sha1:fc036335eb8d32ad991874aac364752b68a43a24</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Implement autoindex option</title>
<updated>2020-09-26T19:51:28+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2020-09-26T19:51:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=6bc9c4deb90e8daa228d792b23a3e61b7bebdb78'/>
<id>urn:sha1:6bc9c4deb90e8daa228d792b23a3e61b7bebdb78</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Implement TLS exchange with clients</title>
<updated>2020-09-24T23:58:41+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2020-09-24T23:58:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=fa69887e52201eb348f1bfbecf72bdab5c57bd9c'/>
<id>urn:sha1:fa69887e52201eb348f1bfbecf72bdab5c57bd9c</id>
<content type='text'>
This probably leaves a bit to be desired tbh
</content>
</entry>
<entry>
<title>tls: move cert/key into host structure</title>
<updated>2020-09-24T21:55:10+00:00</updated>
<author>
<name>Drew DeVault</name>
<email>sir@cmpwn.com</email>
</author>
<published>2020-09-24T21:55:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.virebent.art/virebent/gmnisrv/commit/?id=7af04ea4713770cd19cb9659a59f8758e4207c2c'/>
<id>urn:sha1:7af04ea4713770cd19cb9659a59f8758e4207c2c</id>
<content type='text'>
We'll later want to set these on the SSL object (rather than SSL_CTX),
so move these into the host struct for later access.

We'll prefer to set it on the SSL object so that we can automatically
use an up-to-date certificate, per ~sircmpwn/gmni#26.
</content>
</entry>
</feed>
