commit f449b0d14010a7e289c1dcf7198d8e66f22742eb
Author: Bùi Thành Nhân <hi@imnhan.com>
Date:   Thu May 28 19:25:51 2020 +0700

    don't check tls cert for now
    
    Turns out there are more self-signed sites than otherwise. Apparently
    the generally accepted way for gemini is trust-on-first-use. Before I
    can implement that properly I'll just turn off cert validation
    completely.

diff --git a/src/mcross/transport.py b/src/mcross/transport.py
index 1b1d547..afa0a5f 100644
--- a/src/mcross/transport.py
+++ b/src/mcross/transport.py
@@ -1,4 +1,5 @@
 import re
+import ssl
 from urllib.parse import urlparse
 
 import curio
@@ -100,9 +101,15 @@ def parse_absolute_url(text):
 
 
 async def raw_get(url: GeminiUrl):
+    # TODO: actually implement TOFU for TLS!
+    # Right now it just accepts whatever
+    context = ssl.create_default_context()
+    context.check_hostname = False
+    context.verify_mode = ssl.CERT_NONE
     sock = await curio.open_connection(
-        url.host, url.port, ssl=True, server_hostname=url.host
+        url.host, url.port, ssl=context, server_hostname=url.host
     )
+
     async with sock:
         await sock.sendall(f"gemini://{url.host}{url.path}\r\n".encode())
         header = (await sock.recv(MAX_RESP_HEADER_BYTES)).decode()
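Review bot: With `context.verify_mode = ssl.CERT_NONE` in `raw_get`, every connection is encrypted but unauthenticated, so any on-path host can answer as `url.host` and the user gets no indication of it. The TODO should state that consequence instead of "accepts whatever", e.g. `# SECURITY: peer certificate is not verified; server identity is unauthenticated until TOFU pinning lands`. The context is also built inline on each call, so moving these three lines into a small helper (say `_insecure_context()`) would leave a single place to swap in pinning later. The certificate stays readable after the handshake even with verification off (`getpeercert(binary_form=True)` returns the DER bytes), so an interim step could store its SHA-256 per host and refuse a mismatch, assuming curio's socket wrapper passes that method through. raw_get's body continues past the end of this hunk.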