Getting user complaints about TLS errors in elinks.
We try to offer a "full certificate", however the chain of trust gets broken as Gemini discourages intermediate certs (and some servers such as agate use DER certificates which disallow even trying to use them)
Clients can validate TLS connections however they like (including not at all) but the strongly RECOMMENDED
approach is to implement a lightweight "TOFU" certificate-pinning system which treats self-signed certificates
as first- class citizens. This greatly reduces TLS overhead on the network (only one cert needs to be sent, not a whole
chain) and lowers the barrier to entry for setting up a Gemini site (no need to pay a CA or setup a Let's Encrypt cron job,
just make a cert and go)."
— Gemini specification at gemini://gemini.circumlunar.space/docs/specification.gmi - § 4.2
Getting user complaints about TLS errors in elinks.
We try to offer a "full certificate", however the chain of trust gets broken as Gemini discourages intermediate certs (and some servers such as agate use DER certificates which disallow even trying to use them)
— Gemini specification at gemini://gemini.circumlunar.space/docs/specification.gmi - § 4.2