Successful TLS 1.2 handshake
Successful GET request header exchange
Successful body download
header parsing
URL parser
DNS resolving
MIME parsing
All of the correct heading handling
Follow absolute redirects
Follow relative redirects
Pretty-printing and guidance messages for failed requests
TOFU (trust on first use) for SSL connections
Implement primitive TOFU (store public key, not certificate)
Implement correct TOFU (trust on first use) for SSL connections
Client certificates
temporary cert
permanent cert
Use XDG directories
Implement windows port
Port zig-network to windows
Implement correct config directory locating for windows
Trust Anchor support for windows

Dependencies

Zig 0.6.0 or newer
BearSSL (provided as submodule)
zig-network (provided as submodule)

Build Instructions

Refresh submodules (git submodule init, git submodule update)
Build gurl (zig build)
Run ./zig-cache/bin/gurl

Design Considerations

Give the user control over their system and make configuration easy.

Certificate Trust

accept any certificate
auto-accept the cert on first use (TOFU)
use CAs or ask user on first sight (TOFU+CA)
always ask on first sight (interactive TOFU)
auto-accept when first seen in a session (TOFU, no disk usage)
always ask when first seen in a session (interactive TOFU, no disk usage)

Future Plans

Correctly adhere to XDG standards and use xdg-open

TOFU Notes

Current implementation just stores the public key of the server and not the certificate with fingerprint and everything

That certificate's fingerprint and expiry date are saved in a persistent database (like the .known_hosts file for SSH), associated with the server's hostname.

Client Certificate Process

Wait for specification update

Tools

Connect with OpenSSL:

openssl s_client --connect domain.name -quiet -verify_quiet

Dump DER certificate information:

openssl x509 -in trust-store/mozz.us/cert-1.der -inform der -text

Convert DER to PEM:

openssl x509 -inform der -in trust-store/gemini.conman.org/cert-0.der -out conman.pem