From 43123a060633149836de6d9b1edaa050c0f69893 Mon Sep 17 00:00:00 2001 From: swee Date: Tue, 14 Jan 2025 20:36:26 -0800 Subject: [PATCH] Update server.py --- server.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/server.py b/server.py index 97fcded..fe78904 100644 --- a/server.py +++ b/server.py @@ -40,7 +40,9 @@ def loadcert(): random_name = ''.join(random.choice(string.ascii_lowercase+string.digits+string.ascii_uppercase) for i in range(8)) cert.save(homefolder + "/certs/" + randomname + "-chain.pem") privkey.save(homefolder + "/certs/" + randomname + "-privkey.pem") - return redirect("/") + resp = make_response("Success!") + resp.set_cookie('certname',random_name) + return resp else: return "Both files must be a .pem file, you might want to generate a certificate via the home page." else: @@ -87,6 +89,7 @@ def relay(): print(request.headers.get('User-Agent')) url = request.args.get('gemini') queries = request.args.get('query') + certfile = request.cookies.get('certname') if url == None: return redirect("/") code = "

Something went wrong...

\n" @@ -95,7 +98,13 @@ def relay(): try: gsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) fulladdr = "gemini://" + url + ("?" + queries if queries != None else "") - gemsocket = ssl._create_unverified_context().wrap_socket(gsocket, server_hostname=urlparse(fulladdr).hostname) + contx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) + if certfile: + contx.load_cert_chain(certfile=homefolder + "/certs/" + certfile + "-chain.pem", keyfile=homefolder + "/certs/" + certfile + "-privkey.pem"); + context.load_verify_locations(cafile=ssl.CERT_AU); + context.verify_mode = ssl.CERT_OPTIONAL + contx.check_hostname = False; + gemsocket = contx.wrap_socket(gsocket) gemsocket.connect((urlparse(fulladdr).hostname, 1965)) gemsocket.send(bytes(fulladdr + "\r\n", "UTF-8")) received = ""