Update server.py

server.py

@@ -40,7 +40,9 @@ def loadcert():
             random_name = ''.join(random.choice(string.ascii_lowercase+string.digits+string.ascii_uppercase) for i in range(8))
             cert.save(homefolder + "/certs/" + randomname + "-chain.pem")
             privkey.save(homefolder + "/certs/" + randomname + "-privkey.pem")
-            return redirect("/")
+            resp = make_response("<meta http-equiv=\"refresh\" content=\"0; url=//\" />Success!")
+            resp.set_cookie('certname',random_name)
+            return resp
         else:
             return "Both files must be a .pem file, you might want to generate a certificate via the home page."
     else:
@@ -87,6 +89,7 @@ def relay():
     print(request.headers.get('User-Agent'))
     url = request.args.get('gemini')
     queries = request.args.get('query')
+    certfile = request.cookies.get('certname') 
     if url == None:
         return redirect("/")
     code = "<h1>Something went wrong...</h1>\n"
@@ -95,7 +98,13 @@ def relay():
     try:
         gsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         fulladdr = "gemini://" + url + ("?" + queries if queries != None else "")
-        gemsocket = ssl._create_unverified_context().wrap_socket(gsocket, server_hostname=urlparse(fulladdr).hostname)
+        contx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+        if certfile:
+            contx.load_cert_chain(certfile=homefolder + "/certs/" + certfile + "-chain.pem", keyfile=homefolder + "/certs/" + certfile + "-privkey.pem");
+            context.load_verify_locations(cafile=ssl.CERT_AU);
+            context.verify_mode = ssl.CERT_OPTIONAL
+        contx.check_hostname = False;
+        gemsocket = contx.wrap_socket(gsocket)
         gemsocket.connect((urlparse(fulladdr).hostname, 1965))
         gemsocket.send(bytes(fulladdr + "\r\n", "UTF-8"))
         received = ""