IPv6 as the hostname? #345

Open
d47081 opened this issue Apr 19, 2024 · 4 comments

@d47081

d47081 commented Apr 19, 2024

Hello, I get the following error when providing an IPv6 address as the --hostname xxx:xxxx:xxxx:xxxx::xxxx

invalid domain character

In my case, there is no need for a domain name because I am using a Yggdrasil address.
But I must set up TLS because of the Gemini protocol dependency.

@Johann150
Collaborator

An IPv6 address is not a hostname (i.e. domain name), so the error message is correct.

The meaning of the --hostname flag is to check that the request was made to the right host. The flag is optional and if you do not pass it, agate will serve files for any hostname and assume it was correct. Not using the --hostname flag means you have to make a certificate yourself.

I'm not familiar with Yggdrasil so I'm not sure what the reason is for not using a hostname. I'm not sure if it is possible to have a certificate for an IP address, even if it is self signed. At least agate will definitely not generate one for you. So I think you might want to pick a DNS name anyway, if you can.

Alternatively you can come up with a TLS certificate on your own and place it in the certificates directory. See also the README file section on certificates, you would probably want to place the files directly in the certificate directory:

The certificates directory may directly contain a key and certificate pair, this is the default pair used if no other matching keys are present.

@d47081
Author

d47081 commented Apr 19, 2024

I can launch this server with IPv6 in CN

openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.pem -days 1 -nodes -subj "/CN=IP"

But I can't apply the same certificates for Agate

@Johann150
Collaborator

That command creates a key.rsa and cert.pem file which agate will not read, because it is looking for cert.der and key.der. Further, those files are encoded as PEM (text format, usually recognizable by starting with e.g. -----BEGIN CERTIFICATE-----, and file(1) identifies it as "ASCII text"), but agate uses the DER format (a binary format). This is also mentioned in the README file:

The certificate has to be a X.509 certificate in a DER format file [...].

You can change the certificate to be outputted in DER format by adding -outform DER. While there is also a -keyform DER option, it seems to be ignored on my system. Instead you can convert the key from PEM to DER using openssl too.

openssl req -x509 -newkey rsa:4096 -keyout key.rsa -out cert.der -outform DER -days 1 -nodes -subj "/CN=IP"
openssl pkey -in key.rsa -outform DER -out key.der
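
Added example, not part of the thread and not agate's own code: a Python 3 check for the PEM/DER distinction described in the comment above, reporting whether a certificates directory holds cert.der and key.der and whether each is really DER or PEM text under a DER name. The function names (classify, pem_to_der, check_cert_dir) and the sample bytes are assumptions made for illustration.

```python
import base64
import re
from pathlib import Path

# PEM armor: "-----BEGIN <LABEL>-----", base64 body, matching END line.
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def _der_length_matches(data: bytes) -> bool:
    """True if data is exactly one ASN.1 SEQUENCE (tag 0x30) with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short form: length fits in one byte
        header, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify(data: bytes) -> str:
    """Return 'pem', 'der' or 'unknown' for the raw bytes of a certificate or key file."""
    if PEM_BLOCK.search(data):
        return "pem"
    return "der" if _der_length_matches(data) else "unknown"

def pem_to_der(data: bytes) -> bytes:
    """Decode the first PEM block (unencrypted, as produced with -nodes) to DER bytes."""
    match = PEM_BLOCK.search(data)
    if match is None:
        raise ValueError("no PEM block found")
    return base64.b64decode(match.group(2))  # newlines in the body are ignored

def check_cert_dir(directory) -> dict:
    """For each file name the comment above says agate reads, report what is on disk."""
    report = {}
    for name in ("cert.der", "key.der"):
        path = Path(directory) / name
        report[name] = classify(path.read_bytes()) if path.is_file() else "missing"
    return report

# Constructed sample: a minimal ASN.1 SEQUENCE, not a real certificate or key.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    import sys
    print(check_cert_dir(sys.argv[1] if len(sys.argv) > 1 else "."))
```

The check only looks at the encoding and the outer ASN.1 length; it does not validate the certificate contents or whether the key matches it.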

@d47081
Author

d47081 commented Apr 19, 2024

Thanks, I generated a new certificate with the command above, but the solution with IPv6 in CN does not work :/

"" 00 "TLS error" error:unexpected error: no server certificate chain resolved
