work in progress

netcache.py

@@ -459,12 +459,15 @@ def _fetch_gemini(url):
     context = ssl.SSLContext(protocol)
 
         # Use CAs or TOFU
-        if self.options["tls_mode"] == "ca":
-            context.verify_mode = ssl.CERT_REQUIRED
-            context.check_hostname = True
-            context.load_default_certs()
-        else:
-            context.check_hostname = False
+        #TODO : should we care about this options?
+        #if self.options["tls_mode"] == "ca":
+        #    context.verify_mode = ssl.CERT_REQUIRED
+        #    context.check_hostname = True
+        #    context.load_default_certs()
+        #else:
+        #    context.check_hostname = False
+        #    context.verify_mode = ssl.CERT_NONE
+    context.check_hostname=False
     context.verify_mode = ssl.CERT_NONE
     # Impose minimum TLS version
     ## In 3.7 and above, this is easy...
@@ -483,6 +486,8 @@ def _fetch_gemini(url):
     except ssl.SSLError:
         # Rely on the server to only support sensible things, I guess...
         pass
+
+    #TODO: I’m here in the refactor
         # Load client certificate if needed
         if self.client_certs["active"]:
             certfile, keyfile = self.client_certs["active"]