From Newsgroup: alt.privacy.anon-server
-----BEGIN YUBISIGNER SIGNED MESSAGE-----
Hash: SHA256
Moved servers, and every Gemini capsule started screaming "untrusted server."
Why: my old server (agate) only does self-signed TOFU certs, no CA chain, and clients had the old fingerprints pinned, so they rejected the new ones too.
Fix: patched gmnisrv to send a full Let's Encrypt chain, forced TLS 1.3, and fixed a crash where a big chain overflowed the handshake buffer (a free DoS on a public port). Renewals auto-reload now.
Patched fork:
https://git.virebent.art/virebent/gmnisrv
Live, CA-verified, TLS 1.3:
- gemini://contact.virebent.art
- gemini://virebent.art
- gemini://archives.virebent.art
- gemini://n5ry24fweklbn562o7fnyefanygtwxlgi7aevn26huuxqlsftxy5ljqd.onion (self-signed rCo
If your client grumbles once about a changed cert, accept it. That's TOFU.
Best regards and have fun!
--
Gabx
Author: Gab Virebent
Signed at: 2026-06-26 17:31:21 +0000
Filename: m2n-msg.Nq8GsT
File size: 814 bytes
Email: gabriel1@virebent.art
Telefax: n/a
URL: https://contact.virebent.art
Comment: Posted via NeoMutt mail2news
RIPEMD-256: 0b4274e72ed70206fd2394b1fb3fed0c280eae0c80a63ec5b54a89c9b611400b
SHA-256: 39e5793105f9cfb125054c7a249f4d6dbb78176d5ef8bee08c1422605ecd9ff9
SM3: 22bb704103885b9b7db78ed4be33e23b71568dd1a6ade1df62c63d56a2bc476b
Streebog-256: 5dcfdabde2f4af06183c2162626563ceb0d0be6487721556ca8b29a538236221
-----BEGIN YUBISIGNER ED25519 SIGNATURE-----
016a3022f054b794469ed0178235afd551ac9537e5c4a787ceaec8ce6bc29a8a
b092672f03ec7151186ca189f4908e53e0436b84a776d94ce82219f536540da8
483f2dcf81699ceddc9fac6d50f156fb07763a25363ee62d56f45e26dfbd0a0c
-----END YUBISIGNER ED25519 SIGNATURE-----
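
The pinning behaviour behind the "untrusted server" warnings, as an added example that is not part of the original post or of gmnisrv: a minimal TOFU pin store in Python. The class and function names are hypothetical, the certificate bytes are constructed placeholders, and pinning the SHA-256 of the leaf certificate is an assumption about the client.

```python
import hashlib
import hmac

GEMINI_PORT = 1965  # default Gemini port


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, as hex."""
    return hashlib.sha256(cert_der).hexdigest()


class TofuStore:
    """In-memory pin store: (host, port) -> fingerprint of the leaf cert."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, cert_der: bytes, port: int = GEMINI_PORT) -> str:
        key = (host.lower(), port)
        seen = fingerprint(cert_der)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = seen  # first contact: trust and pin
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # A pure TOFU client never consults a CA, so a valid CA chain does
        # not help here: the pin differs, the old pin is kept, and the user
        # has to decide.
        return "changed"

    def accept_change(self, host: str, cert_der: bytes, port: int = GEMINI_PORT) -> None:
        """Called only after the user confirms the new certificate."""
        self.pins[(host.lower(), port)] = fingerprint(cert_der)


def demo():
    # Constructed placeholder bytes standing in for DER certificates.
    old_cert = b"constructed: self-signed cert from the old server"
    new_cert = b"constructed: CA-issued leaf cert from the new server"
    store = TofuStore()
    host = "virebent.art"
    results = [store.check(host, old_cert),   # first visit
               store.check(host, old_cert),   # same server, same cert
               store.check(host, new_cert),   # after the move
               store.check(host, new_cert)]   # still flagged until accepted
    store.accept_change(host, new_cert)       # user accepts once
    results.append(store.check(host, new_cert))
    return results
```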