-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
server "IPv6"? #25
Comments
Found this in logs:
I've tried to add this option, but not helps, and Here is my config also:
|
Without knowing how Yggdrasil works, I think the issue is that the client connecting to gmid is not providing any SNI (server name indication). gmid relies on the client to use SNI to understand to which virtual host the client wants to talk to, and from my understanding IPv4 or IPv6 bare addresses can't be used as host names in TLS. I'm not sure whether gmid should gracefully handle the omission of the SNI, as it's mandatory per the gemini specification. On the other hand, I see how this could be useful for some niche use-cases. I guess that for your use-case with Yggdrasil you can't use an hostname? |
Yggdrasil works like any IPv6 interface, but in 'death' Just interesting, does gmid support IPv6 in the names? If yes - it will support Yggdrasil also. |
Well, the gemini specification says that
and I probably missed the "where the authority section is a hostname", which seems to imply that it's also OK to make requests without SNI if you want to talk to a bare IPv4 or IPv6 address. At the moment gmid always require a SNI from the client, I'll see what can be done to relax this requirement. Thanks! |
There are legitimate cases where SNI can't be used, for example when connecting via an IPv6 address, so don't rejects those requests. Instead, fill the requested domain with the address (literal) of the socket they're connected to and attempt to match on it. This possibly still incur in a "won't proxy" error if the client then requests a different hostname. See the github issue #25
I believe this is now fixed. I've relaxed the requirements for SNI in 1ef0cd0 and then added support for IPv6 addresses in the IRI parsing code in b00f71b, and added some tests. I've tested this configuration
and works for me. Don't wrap IPv6 addresses in braces |
I'm using Yggdrasil, and want to host capsule without regular domain name.
By defining in config IPv6, e.g.
server "[xxx:xxxx:xxxx:xxxx:xx]"
- get incomplete header error.With
/etc/hosts
it works using domain alias but with IP notThe text was updated successfully, but these errors were encountered: