### We require SNI!

The Gemini spec requires clients to implement SNI. This server requires SNI to connect.

```sh
# printf is used instead of echo so the request reliably ends in CRLF in every shell
printf 'gemini://localhost/\r\n' | openssl s_client -connect "localhost:1965"
# WILL FAIL
```

If you want to use `openssl s_client` to debug, you must pass the `-servername` option so that OpenSSL will send a hostname to the server.

```sh
printf 'gemini://localhost/\r\n' | openssl s_client -connect "localhost:1965" -servername "localhost"
# All good!
```

There are a lot of paths.

A `urlPath` is the absolute path given in the Gemini request (`new URL().pathname`).

A `basePath` is the first argument to register path. We match the `urlPath` against a `basePath` when determining how to handle a request.

A `relativePath` is the difference between a `basePath` and a `urlPath`. It's normally `""`.

Sometimes these paths will include their hostnames.

A path in the `pathRegistry` is a `p`, which is an object with a hostname, a `basePath`, and a handler.

### Creating certificates for dev

```sh
# Generate private key
openssl genrsa -out private-key.pem 2048

# Generate cert. signing request
# All fields can be left blank except for Common Name, where I enter "localhost"
openssl req -new -sha256 -key private-key.pem -out csr.pem

# Self-sign, generating cert
openssl x509 -req -in csr.pem -signkey private-key.pem -out public-cert.pem
```

# TODO

It's possible to imagine a situation where astronomical theater is behind a proxy and the proxy doesn't do address translation, passing the raw Gemini request to us. In this case, our behavior is undefined.

Similarly, SNI is not supported with IP addresses.
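
The path terminology above (`urlPath`, `basePath`, `relativePath`, `p`), worked through as an added example that is not this project's own code. `registerPath`, `matchRequest`, `isUnder`, the longest-match rule and the convention that `relativePath` has no leading slash are assumptions made for illustration.

```javascript
// Added example: registerPath, matchRequest and the registry shape are
// assumptions for illustration, not the server's actual API.
const pathRegistry = []; // each entry is a `p`: { hostname, basePath, handler }

function registerPath(hostname, basePath, handler) {
  // Normalise so "/docs/" and "/docs" register the same basePath.
  const trimmed = basePath.replace(/\/+$/, "") || "/";
  pathRegistry.push({ hostname: hostname.toLowerCase(), basePath: trimmed, handler });
}

// True when urlPath equals basePath or continues it at a "/" boundary,
// so "/docs" never claims "/docs-private".
function isUnder(basePath, urlPath) {
  if (basePath === "/") return true;
  return urlPath === basePath || urlPath.startsWith(basePath + "/");
}

// Resolve a raw request line to { p, urlPath, relativePath }, or null.
function matchRequest(requestLine) {
  let url;
  try {
    url = new URL(requestLine.trim()); // trim drops the trailing CRLF
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "gemini:") return null;
  const hostname = url.hostname.toLowerCase(); // fold case before comparing
  const urlPath = url.pathname || "/"; // "" when the request has no path
  let best = null;
  for (const p of pathRegistry) {
    if (p.hostname !== hostname || !isUnder(p.basePath, urlPath)) continue;
    // Longest basePath wins: "/docs/api" beats "/docs".
    if (!best || p.basePath.length > best.basePath.length) best = p;
  }
  if (!best) return null;
  // Assumed convention: no leading "/", and "" on an exact match.
  const relativePath = urlPath.slice(best.basePath.length).replace(/^\/+/, "");
  return { p: best, urlPath, relativePath };
}

// Constructed sample registrations.
registerPath("localhost", "/docs/", () => "docs");
registerPath("localhost", "/docs/api", () => "api");
registerPath("example.org", "/", () => "root");
```

Matching on the parsed `pathname` rather than the raw request string means dot segments are already resolved before the `basePath` comparison, and the `/` boundary check keeps sibling paths that merely share a prefix out of a handler's scope.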