authorAdnan Maolood <[email protected]>2020-10-31 15:38:39 -0400
committerAdnan Maolood <[email protected]>2020-10-31 15:38:39 -0400
commit3aa254870aff2ec464f1b53397f36ff6ed55809c (patch)
treeee49d90c1ecc1711aeb7d4b322c3c5d0cbff2ac3
parentFix handling of wildcard hostnames (diff)
downloadgo-gemini-3aa254870aff2ec464f1b53397f36ff6ed55809c.tar.xz
go-gemini-3aa254870aff2ec464f1b53397f36ff6ed55809c.zip
Call CreateCertificate for missing certificates
-rw-r--r--server.go17
1 files changed, 14 insertions, 3 deletions
diff --git a/server.go b/server.go
index 5a466ed..1834bfa 100644
--- a/server.go
+++ b/server.go
@@ -22,11 +22,12 @@ type Server struct {
Certificates CertificateStore
// CreateCertificate, if not nil, will be called to create a new certificate
- // if the current one is expired.
+ // if the current one is expired or missing.
CreateCertificate func(hostname string) (tls.Certificate, error)
// registered responders
responders map[responderKey]Responder
+ hosts map[string]bool
}
type responderKey struct {
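Review bot: The new `hosts` field in `Server` has no comment, although it now decides which hostnames may have a certificate created on demand. I would add `// hosts is the set of hostnames with at least one registered responder; getCertificate only calls CreateCertificate for a missing certificate when the hostname is in this set.` above it. Since only `true` is ever stored in the visible hunks, `map[string]struct{}` would make the set intent explicit.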
@@ -54,6 +55,7 @@ func (s *Server) Register(pattern string, responder Responder) {
}
if s.responders == nil {
s.responders = map[responderKey]Responder{}
+ s.hosts = map[string]bool{}
}
split := strings.SplitN(pattern, "://", 2)
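Review bot: `s.hosts` is allocated only inside the `if s.responders == nil` branch, so the `s.hosts[key.hostname] = true` write in the next hunk relies on both maps always being nil together, and a write to a nil map panics. Giving it its own guard, `if s.hosts == nil { s.hosts = map[string]bool{} }`, removes that coupling. No locking is visible around this map, while getCertificate reads it during TLS handshakes, so if Register can be called after Serve has started this is a data race. Either the doc comment should state that registration must finish before serving, or the map needs a mutex. Register's body starts and ends outside this hunk.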
@@ -70,6 +72,7 @@ func (s *Server) Register(pattern string, responder Responder) {
panic("gemini: multiple registrations for " + pattern)
}
s.responders[key] = responder
+ s.hosts[key.hostname] = true
}
// RegisterFunc registers a responder function for the given pattern.
@@ -129,7 +132,8 @@ func (s *Server) Serve(l net.Listener) error {
}
func (s *Server) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
- cert, err := s.Certificates.Lookup(h.ServerName)
+ hostname := h.ServerName
+ cert, err := s.Certificates.Lookup(hostname)
if err == ErrCertificateUnknown {
wildcard := strings.SplitN(h.ServerName, ".", 2)
if len(wildcard) == 2 {
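Review bot: `hostname` is introduced for `h.ServerName`, but the wildcard split two lines below and the `CreateCertificate` call in the last hunk still read `h.ServerName`, so the function now has two spellings for one value. Use `hostname` throughout, e.g. `wildcard := strings.SplitN(hostname, ".", 2)`. The value comes from the client's SNI and is untrusted, which deserves a short comment at the assignment. If the certificate store and `s.hosts` keys are lowercase (not visible in this diff), normalising once here with `hostname := strings.ToLower(h.ServerName)` would keep the lookups consistent. getCertificate continues outside the hunk.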
@@ -137,7 +141,14 @@ func (s *Server) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error
}
}
- if err == ErrCertificateExpired {
+ switch err {
+ case ErrCertificateUnknown:
+ if _, ok := s.hosts[hostname]; !ok {
+ break
+ }
+ fallthrough
+
+ case ErrCertificateExpired:
if s.CreateCertificate != nil {
cert, err := s.CreateCertificate(h.ServerName)
if err == nil {
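Review bot: The `s.hosts` check in the `ErrCertificateUnknown` case is the only thing keeping an arbitrary client-supplied SNI from reaching `CreateCertificate`, and the `break`/`fallthrough` pairing makes that easy to lose in a later edit. A comment such as `// Only create certificates for hostnames with a registered responder; the name comes from the client hello.` would pin the intent, and `if !s.hosts[hostname] { break }` reads more directly. The lookup is an exact match, so a hostname that is only covered through the wildcard path above would presumably not get a certificate created; please confirm that is intended. Nothing visible here serialises concurrent handshakes for the same missing hostname, so `CreateCertificate` may run several times in parallel. The function body continues past the end of the hunk.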