~fkfd/picross

TOFU: Create file if it didn't exist v1 APPLIED

Zach DeCook: 1
 TOFU: Create file if it didn't exist

 1 files changed, 2 insertions(+), 0 deletions(-)
I think actually the TOFU code in this project is bad.
It sends two requests to the server, of which only the first has the certificate checked (a MITM could let the first request pass, then intercept the second, which is the one that actually carries the data).

Also, I believe the first request (made by ssl.getCertificate) is not a valid gemini request. Most servers allow it to work, but notably gmnisrv doesn't. I think that behavior is described by https://lists.sr.ht/~sircmpwn/gmni-discuss/%3C053b05cef8f6918e1d5caa47d44dc70b8311f91d.camel%40mycanofbeans.com%3E#%3CC7CNVUUNIV1G.2Q9ITTBUGVV68@taiga%3E
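
An added example (not part of the thread and not picross code) of the single-connection alternative to the two-request flow described in the comment above: the certificate is read from the same TLS session that then carries the Gemini request, so there is no second connection to intercept and no extra non-Gemini request. The SHA-256-over-DER fingerprint, the in-memory `pins` dict and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER certificate (assumed pin format)."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(pins: dict, host: str, fp: str) -> str:
    """Return 'new', 'match' or 'mismatch'; pin the host on first use."""
    known = pins.get(host)
    if known is None:
        pins[host] = fp
        return "new"
    return "match" if hmac.compare_digest(known, fp) else "mismatch"


def fetch(url: str, host: str, pins: dict, port: int = 1965) -> bytes:
    """Send one Gemini request, pin-checking the connection that carries it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # TOFU: trust comes from the pin, not a CA
    ctx.verify_mode = ssl.CERT_NONE  # self-signed certificates are expected
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # Certificate of *this* session, read before any data is sent.
            der = tls.getpeercert(binary_form=True)
            if der is None:
                raise ssl.SSLError(f"{host} presented no certificate")
            if check_pin(pins, host, fingerprint(der)) == "mismatch":
                raise ssl.SSLError(f"certificate for {host} changed")
            # A Gemini request is the absolute URL followed by CRLF.
            tls.sendall(url.encode("utf-8") + b"\r\n")
            chunks = []
            while data := tls.recv(4096):
                chunks.append(data)
            return b"".join(chunks)
```
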

[PATCH] TOFU: Create file if it didn't exist

---

Notes:
    Note that we should probably support ~/.local/share/gemini/known_hosts
    (but that uses a different fingerprint format, so we may have to mind for backwards compatibility)

 picross/tofu.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/picross/tofu.py b/picross/tofu.py
index d2fc3d8..f188e9a 100644
--- a/picross/tofu.py
+++ b/picross/tofu.py
@@ -36,6 +36,8 @@ class TofuDatabase:
    def read(self) -> list:
        """Reads all TOFU entries from DB
        """
        if not self.db_file.exists():
            open(self.db_file, 'a').close()
        with open(self.db_file) as f:
            reader = csv.reader(f)
            tofu_entries = [
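
Review bot: The existence check and `open(self.db_file, 'a').close()` at the top of `read()` only cover a missing file; if the parent directory is missing as well, the `open` still raises, and the new file is created with default umask permissions even though it is the store the TOFU decision relies on. Consider `self.db_file.parent.mkdir(parents=True, exist_ok=True)` followed by `self.db_file.touch(mode=0o600, exist_ok=True)`, which also removes the separate `exists()` check and the window between check and create. Since a method named `read` now creates a file as a side effect, its docstring should say so.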
-- 
2.29.2