[tech] tls user_canceled issue with Java server + Go client

Gary Johnson lambdatronic at disroot.org
Sun Apr 18 01:04:40 BST 2021

Alan <gemini at bunburya.eu> writes:

> When using the Amfora browser, I was unable to view "20" responses,
> getting instead the following error: "/Issuing creating page: remote 
> error: tls: user//canceled/". Unusually, every other response is
> displayed fine.

Hi Alan,

I'm the author of Space-Age, a Gemini server written in Clojure.

=> https://gitlab.com/lambdatronic/space-age/

The tls_user_canceled issue you are running into is coming from the Java
side. It also mystified me last year when I was writing my server since
I was constantly getting that error in elpher (the Emacs Gemini client)
whenever I tried to browse pages from my capsule.

You have to force your SSLSocket to send the tls_close_notify alert to
the client before closing the socket. This is exceptionally poorly
documented in the JSSE Reference Guide, but I eventually figured out the
solution through trial and error.

All you need to do is to make sure you call socket.shutdownOutput()
immediately before calling socket.close().

Here's my function for writing a Gemini response back to the client for reference:

(defn- write-socket! [^SSLSocket socket {:keys [status meta body]}]
  (doto (io/writer socket)
    (.write (str status " " meta "\r\n"))
  (when body
    (with-open [in-stream (io/input-stream (if (string? body)
                                             (.getBytes ^String body)
      (let [out-stream (io/output-stream socket)]
        (.transferTo in-stream out-stream)
        (.flush out-stream))))
  (.shutdownOutput socket))

This is called from another function that then calls socket.close() to
terminate the connection.

Here is my full Gemini server implementation for further reference:

=> https://gitlab.com/lambdatronic/space-age/-/blob/master/src/space_age/server.clj

Happy hacking!

GPG Key ID: 7BC158ED
Use `gpg --search-keys lambdatronic' to find me
Protect yourself from surveillance: https://emailselfdefense.fsf.org
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Why is HTML email a security nightmare? See https://useplaintext.email/

Please avoid sending me MS-Office attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

More information about the Gemini mailing list