Response::success should just have the additional body parameter. It should be comparatively rare that one wants to send an empty body and it still can be achieved by simply passing vec![].

#18 (comment)

https://github.com/panicbit/northstar/blob/75a1cd1eb5e2720b247a802f2f8edcc67bf4a624/src/util.rs#L97

https://github.com/panicbit/northstar/blob/75a1cd1eb5e2720b247a802f2f8edcc67bf4a624/src/types/request.rs#L24-L33

It should contain mention of the CHANGELOG.md.

Timeouts are crucial to prevent trivial DOS attacks.
It is however unclear how exactly they should be integrated into the API, especially with regards to Responses.

The current timeout of 1 second for sending the response to the client is a bit too short.
I suggest raising it to 30 seconds for now, since it is still shared with the timeout for receiving the request.

See #17 (comment)

Hello! I've been writing a small gemini client and I believe a lot of the functionality in the types directory could be used as a standalone library. Is that something that would be of interest at all?

This issue is referring to the crash referenced by #3, wherein any authenticated connections from Kristall to northstar crash with the error

[2020-11-22T01:47:23Z ERROR northstar] Failed to establish TLS session
    
    Caused by:
        invalid certificate: BadDER

As best as I can tell, the backtrace for this error looks something like this: (all line numbers are as of 0ca71e4)

• error caught & printed in the lambda in Server::serve() (lib.rs:60)
• Error caused by a failed handshake in tokio_rustls::TlsAcceptor::accept() in Server::serve_client() (lib.rs:69)
• This in turn is caused by a failed call to webpki::EndEntityCert::from(), although I'm not sure where from
• This method is backed by a call to the internal function webpki::cert::parse_cert_internal(), but why exactly is anyone's guess

parse_cert_internal() throws webpki::Error::BadDER a million and one times throughout it's execution, and it would be a real hassle to figure out which on is ours. I'm honestly kinda stumped on how to go about debugging this or asking for help, since I'm assuming:

• Kristall devs would turn us away because their client works with all the other servers
• rustls devs would turn us away because accepting client certs without a central trust authority isn't officially supported behaviour
• webpki devs would turn us away because this is such a niche issue (This specific go client connecting to this specific library with a self-signed client certificate in order to use this pretty obscure smallnet protocol causes a crash)

But honestly I don't know enough about whatever a DER file is supposed to look like to go through and identify if the certificate is invalid or if there's an issue with the stream or if there's an issue with the client library.

Any ideas on how to move forward? Kristall is the only GUI client supporting client certs (afaik), and definitely the most popular one, so I'd hate to release an app that couldn't support it, but at the same time, where the hell even is this bug???

Recreation Details

• Generate server certs using the command in the README
• Run the certificates example (although this should work with any program that prompts the user to connect with a client cert)
• Connect with Kristall, and activate a client certificate.
• Connection should timeout, and an error should appear in the server log.

I am using this Cargo.lock, and Kristall version v0.3, built and run on Fedora 33

All instances of ? should be prefaced with a .context() (or similar) to make errors actually useful.

Probably Travis, but I'm open to try something else (except Github Actions).

According to the spec, meta strings 1024 bytes:

<META> is a UTF-8 encoded string of maximum length 1024 bytes, whose meaning is <STATUS> dependent.
[...]
If a server sends a which is not a two-digit number or a <META> which exceeds 1024 bytes in length, the client SHOULD close the connection and disregard the response header, informing the user of an error.

See 3.1 Response headers.

As such Meta::new should reject strings that exceed 1024 bytes and Meta::new_lossy should truncate to 1024 bytes.

At the very minimum, the current crates.io version should be visible.

Hello! I'm having some difficulty running the server. The error appeared in my original code, but it seems to happen in the example too. I've put some sample code that produces it below, heavily based on the example code.

use anyhow::*;
use futures::{future::BoxFuture, FutureExt};
use northstar::{Server, Request, Response, GEMINI_PORT};

#[tokio::main]
async fn main() {
    let result = Server::bind(("localhost", GEMINI_PORT))
        .serve(handle_request)
        .await;

    if let Err(e) = result {
        for e in e.chain() {
            println!("{:?}", e);
        }
    }
}

fn handle_request(request: Request) -> BoxFuture<'static, Result<Response>> {
    async move {
        let path = request.path_segments();
        let response = northstar::util::serve_dir("public", &path).await?;

        Ok(response)
    }
    .boxed()
}

And the output is:

Os { code: 2, kind: NotFound, message: "No such file or directory" }

Which also renders as

Error: No such file or directory (os error 2)

when the actual example program is run. I very quickly peeked through the source code, but I don't really know where it's coming from. It might be worth noting that the handle_request method is never run.

Any help is appreciated. I'm running 0.1.0 off of crates.io.

The guess_mime crate can detect a wider range of mime types by file extension.

It should be integrated into the guess_mime_from_path method:

https://github.com/panicbit/northstar/blob/5f96cbc5e6a7626f2b263d368ce926bacacaaa33/src/util.rs#L88-L103

As far as I can tell, the Gemini MIME is not included in guess_mime, so it still needs to be supported as a special case.

Hello,

This library looks really awesome and I would like to use this library in a server I'm considering writing, but I would like to know what the intended license is, and if one will be added. Without a license the code is currently All Rights Reserved which limits the license I can chose and potentially the legality of using the library in general.

If you're unsure which license, if any, you want to use with this library I've found this article to be very helpful:
https://man.sr.ht/license.md

Thank you,

Andrew

Create an API that allows easier creation of Gemini documents.

gemini_mime() is a bit inconvenient as it returns a Result. Considering that the function doesn't take parameter's and is side-effect free, it should either always succeed or always fail, depending on the correctness of the impl. The correctness of the impl can however be asserted using tests. Furthermore, there is no need to parse the mime over and over, so a lazy_static can be used.

Travis introduced annoying limits and ceremonies around their OSS plan and silently denies service if you run out of credits.
CI should probably be moved to GitHub Actions.