From 0f35971493c53704b8f5bf4728c2027720c8c3d3 Mon Sep 17 00:00:00 2001
From: dece
Date: Mon, 15 Nov 2021 14:15:07 +0100
Subject: [PATCH] browser/gemini: avoid inf. recursion on code 60
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the server would blindly respond with code 60 even though we present a client certificate, it would trigger an infinite recursive call (open_gemini_url → _handle_response → _handle_cert_required).
---
 bebop/browser/gemini.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/bebop/browser/gemini.py b/bebop/browser/gemini.py
index 4fad561..29f4f8f 100644
--- a/bebop/browser/gemini.py
+++ b/bebop/browser/gemini.py
@@ -124,7 +124,8 @@ def open_gemini_url(
 browser.set_status_error(f"Response parsing failed ({url}).")
 return None

- return _handle_response(browser, response, url, redirects)
+ return _handle_response(browser, response, url, redirects,
+ used_cert=cert_and_key is not None)


 def _handle_untrusted_cert(browser: Browser, request: Request):
@@ -151,7 +152,8 @@ def _handle_response(
 browser: Browser,
 response: Response,
 url: str,
- redirects: int
+ redirects: int,
+ used_cert: bool = False,
 ) -> Optional[str]:
 """Handle a response from a Gemini server.

@@ -175,7 +177,11 @@ def _handle_response(
 elif response.generic_code == 10:
 return _handle_input_request(browser, url, response.meta)
 elif response.code == 60:
- return _handle_cert_required(browser, response, url, redirects)
+ if used_cert:
+ error = "Server ignored our certificate."
+ browser.set_status_error(error)
+ else:
+ return _handle_cert_required(browser, response, url, redirects)
 elif response.code in (61, 62):
 details = response.meta or Response.code.name
 error = f"Client certificate error: {details}"
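Review bot: The new `used_cert` parameter in the `_handle_response` signature (second hunk) is not described in the visible lines, and its default of `False` means any caller that omits it keeps the old behaviour of retrying on code 60. The docstring continues outside the hunk, so this may already be covered there; if not, a line such as `used_cert: True if a client certificate was sent with this request; a code 60 is then reported as an error instead of retried.` would record why the flag exists. Since this flag is the only thing stopping a misbehaving server from driving the client into unbounded recursion, consider making it a required argument so that no call path can skip the guard.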
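Review bot: In the code 60 branch (third hunk), the `if used_cert:` arm calls `browser.set_status_error(error)` and then falls out of the `elif` chain without a `return`, while the `else` arm returns explicitly. The neighbouring 61/62 branch only assigns `error`, which suggests that a shared tail reports `error` again or runs other code after the chain; that tail is outside the hunk, so this is an inference. Either drop the direct call and rely on that tail, or end the arm with `return None` so the refusal path is explicit. A short comment such as `# Server answered 60 although a certificate was sent: stop here instead of retrying forever.` would keep the guard from being removed in a later cleanup.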