From 5176ff715a1b98db374491e423da58a60392c2b8 Mon Sep 17 00:00:00 2001 From: yggverse Date: Sat, 23 Nov 2024 20:49:03 +0200 Subject: [PATCH] require TLS close_notify, add comments --- src/app/browser/window/tab/item/page.rs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/app/browser/window/tab/item/page.rs b/src/app/browser/window/tab/item/page.rs index b8529f22..6879c1fa 100644 --- a/src/app/browser/window/tab/item/page.rs +++ b/src/app/browser/window/tab/item/page.rs @@ -433,16 +433,25 @@ impl Page { certificate: Option, ) -> impl IsA { if let Some(certificate) = certificate { + // https://geminiprotocol.net/docs/protocol-specification.gmi#the-use-of-tls let tls_connection = TlsClientConnection::new(&connection, Some(&connectable)).unwrap(); // @TODO handle + + // https://geminiprotocol.net/docs/protocol-specification.gmi#client-certificates tls_connection.set_certificate(&certificate); + // @TODO handle exceptions + // https://geminiprotocol.net/docs/protocol-specification.gmi#closing-connections + tls_connection.set_require_close_notify(true); + // @TODO manual validation // https://geminiprotocol.net/docs/protocol-specification.gmi#tls-server-certificate-validation tls_connection.connect_accept_certificate(move |_, _, _| true); + // Take encrypted I/O stream tls_connection.upcast::() } else { + // Take default I/O stream connection.upcast::() } }
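Review bot: Requiring close_notify only detects truncation by a peer that has already been authenticated, and the callback a few lines below, `connect_accept_certificate(move |_, _, _| true)`, still accepts every server certificate, so the new `// @TODO manual validation` comment understates the gap. I would state it in the comment, e.g. `// SECURITY: accepts any server certificate, failed validation included; the check from the linked spec section is not implemented yet`, so the bypass stays greppable until the check lands. With the requirement enforced, a server that drops the socket without close_notify is expected to surface as a TLS EOF error on read, so the code consuming this stream (outside this hunk) needs to report that as a truncated response; `// @TODO handle exceptions` could name that case. The `else` branch returns `connection` unchanged, so if a certificate-less session is wrapped in TLS elsewhere, the close_notify requirement is not visibly applied to it here. The enclosing function starts before the hunk.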