From 670ccaab7320203f41515e530d881895c4196c63 Mon Sep 17 00:00:00 2001
From: gegeweb
Date: Fri, 1 Jan 2021 09:47:00 +0100
Subject: [PATCH 1/4] add FreeBSD startup script

closes #13
---
 tools/startup.sh | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 tools/startup.sh

diff --git a/tools/startup.sh b/tools/startup.sh
new file mode 100644
index 0000000..ce9ea8f
--- /dev/null
+++ b/tools/startup.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: agate
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# agate_enable (bool): Set to NO by default.
+# Set it to YES to enable agate.
+# agate_user: default www
+# agate_content: default /usr/local/www/gemini
+# agate_key: default /usr/local/etc/gemini/ssl/key.rsa
+# agate_cert: default /usr/local/etc/gemini/ssl/cert.pem
+# agate_hostname: e.g., gemini.example.tld, default hostname
+# agate_addr: default [::], listen on IPV4 and IPV6
+# agate_port: default 1965
+# agate_lang: default en_US
+# agate_logfile: default /var/log/gemini/agate.log
+
+. /etc/rc.subr
+
+desc="Agate Gemini server"
+name=agate
+rcvar=$name_enable
+
+load_rc_config $name
+
+: ${agate_enable:="NO"}
+: ${agate_user:="www"}
+: ${agate_content:="/usr/local/www/gemini/"}
+: ${agate_key:="/usr/local/etc/gemini/ssl/key.rsa"}
+: ${agate_cert:="/usr/local/etc/gemini/ssl/cert.pem"}
+: ${agate_hostname:=`uname -n`}
+: ${agate_addr:="[::]"}
+: ${agate_port:="1965"}
+: ${agate_lang:="en-US"}
+: ${agate_logfile:="/var/log/gemini/agate.log"}
+
+agate_user=${agate_user}
+
+command="/usr/local/bin/agate"
+command_args="--content ${agate_content} \
+ --key ${agate_key} \
+ --cert ${agate_cert} \
+ --addr ${agate_addr}:${agate_port} \
+ --hostname ${agate_hostname} \
+ --lang ${agate_lang} >> ${agate_logfile} 2>&1 &"
+
+run_rc_command "$1"
From 03325ba1a4bc9aa53aa3312217d88e085fc817f1 Mon Sep 17 00:00:00 2001
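Review bot: `rcvar=$name_enable` expands a variable named `name_enable`, which is never set, so `rcvar` ends up empty and the `agate_enable` switch that the header comment documents is not what gates the service (rc.subr appears to skip the enable check entirely when `rcvar` is empty); it should read `rcvar=${name}_enable`. The `agate_user=${agate_user}` line is a no-op and can be dropped. The header comment also disagrees with the defaults set below it: it lists `en_US` and `/usr/local/www/gemini`, while the script defaults to `en-US` and `/usr/local/www/gemini/`. Finally, nothing in the script creates `/var/log/gemini`, so with the default `agate_logfile` the `>> ${agate_logfile}` redirect fails at start unless that directory already exists and is writable by the user the command runs as.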
From: Johann150
Date: Tue, 9 Feb 2021 11:26:55 +0100
Subject: [PATCH 2/4] add flag for only TLSv1.3

closes #12
---
 README.md | 4 ++++
 src/main.rs | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/README.md b/README.md
index 2afe1b8..06dd0da 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,10 @@ When a client requests the URL `gemini://example.com/foo/bar`, Agate will respon
 
 ## Configuration
 
+### TLS versions
+
+Agate by default supports TLSv1.2 and TLSv1.3. You can disable support for TLSv1.2 by using the flag `--only-tls13` (or its short version `-3`). This is *NOT RECOMMENDED* as it may break compatibility with some clients. The Gemini specification requires compatibility with TLSv1.2 "for now" because not all platforms have good support for TLSv1.3 (cf. ยง4.1 of the specification).
+
 ### Directory listing
 
 You can enable a basic directory listing for a directory by putting a file called `.directory-listing-ok` in that directory. This does not have an effect on subdirectories.
diff --git a/src/main.rs b/src/main.rs
index 3a70fa7..89e5985 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -74,6 +74,7 @@ struct Args {
 silent: bool,
 serve_secret: bool,
 log_ips: bool,
+ only_tls13: bool,
 }
 
 fn args() -> Result {
@@ -117,6 +118,7 @@ fn args() -> Result {
 );
 opts.optflag("s", "silent", "Disable logging output");
 opts.optflag("h", "help", "Print this help menu");
+ opts.optflag("3", "only-tls13", "Only use TLSv1.3 (default also allows TLSv1.2)");
 opts.optflag(
 "",
 "serve-secret",
@@ -153,6 +155,7 @@ fn args() -> Result {
 silent: matches.opt_present("s"),
 serve_secret: matches.opt_present("serve-secret"),
 log_ips: matches.opt_present("log-ip"),
+ only_tls13: matches.opt_present("only-tls13"),
 })
 }
 
@@ -175,6 +178,9 @@ fn acceptor() -> Result {
 let mut keys = pkcs8_private_keys(&mut BufReader::new(key_file)).or(Err("bad key"))?;
 let mut config = ServerConfig::new(NoClientAuth::new());
+ if ARGS.only_tls13 {
+ config.versions = vec![rustls::ProtocolVersion::TLSv1_3];
+ }
 config.set_single_cert(certs, keys.remove(0))?;
 Ok(TlsAcceptor::from(Arc::new(config)))
 }
From a9588350a0dccdaa31218584382464a20dedebbd Mon Sep 17 00:00:00 2001
From: Johann150
Date: Tue, 9 Feb 2021 15:01:26 +0100
Subject: [PATCH 3/4] format using cargo fmt

---
 src/main.rs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 89e5985..545839f 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -118,7 +118,11 @@ fn args() -> Result {
 );
 opts.optflag("s", "silent", "Disable logging output");
 opts.optflag("h", "help", "Print this help menu");
- opts.optflag("3", "only-tls13", "Only use TLSv1.3 (default also allows TLSv1.2)");
+ opts.optflag(
+ "3",
+ "only-tls13",
+ "Only use TLSv1.3 (default also allows TLSv1.2)",
+ );
 opts.optflag(
 "",
 "serve-secret",
@@ -129,7 +133,7 @@ fn args() -> Result {
 let matches = opts.parse(&args[1..]).map_err(|f| f.to_string())?;
 if matches.opt_present("h") {
 let usage = opts.usage(&format!("Usage: {} [options]", &args[0]));
- return Err(usage.into())
+ return Err(usage.into());
 }
 let hostname = match matches.opt_str("hostname") {
 Some(s) => Some(Host::parse(&s)?),
@@ -338,7 +342,7 @@ impl RequestHandle {
 Ok(file) => file,
 Err(e) => {
 self.send_header(51, "Not found, sorry.").await?;
- return Err(e.into())
+ return Err(e.into());
 }
 };
 
From 8683d7130c7172d3faa6585c37a906bc3fd3112a Mon Sep 17 00:00:00 2001
From: Johann150 <20990607+Johann150@users.noreply.github.com>
Date: Tue, 9 Feb 2021 16:00:29 +0100
Subject: [PATCH 4/4] move startup script to right directory

---
 tools/{ => freebsd}/startup.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename tools/{ => freebsd}/startup.sh (100%)
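Review bot: The new branch in acceptor() replaces rustls's default protocol-version list with a one-element vector without saying why, and the consequence — TLSv1.2-only clients will presumably fail the handshake with a version alert — is only documented in the README, not at the point where it is decided. A why-comment on the `if ARGS.only_tls13 {` line such as `// --only-tls13: restrict the listener to TLSv1.3; the default list (per README) also accepts TLSv1.2` would keep that visible to the next maintainer. The `only_tls13` field added to `Args` in the earlier hunk could carry the matching one-line `///` comment. acceptor() begins outside the hunk.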
diff --git a/tools/startup.sh b/tools/freebsd/startup.sh
similarity index 100%
rename from tools/startup.sh
rename to tools/freebsd/startup.sh