client: Verify expiration time

author: Adnan Maolood <[email protected]> 2020-12-19 13:43:47 -0500
committer: Adnan Maolood <[email protected]> 2020-12-19 13:43:47 -0500
commit: 80ffa728639659c0159e0a26d7e49df9990f761a (patch)
tree: f214010136c2fdc59c066469d56f6e91e93fa97f /client.go
parent: Add ResponseWriter.Flush function (diff)
download: go-gemini-80ffa728639659c0159e0a26d7e49df9990f761a.tar.xz
go-gemini-80ffa728639659c0159e0a26d7e49df9990f761a.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/client.go b/client.go
index a0f571a..8c34242 100644
--- a/client.go
+++ b/client.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"net"
 	"strings"
 	"time"
@@ -106,6 +107,10 @@ func (c *Client) verifyConnection(req *Request, cs tls.ConnectionState) error {
 	if err := verifyHostname(cert, hostname); err != nil {
 		return err
 	}
+	// Check expiration date
+	if !time.Now().Before(cert.NotAfter) {
+		return errors.New("gemini: certificate expired")
+	}
 
 	// See if the client trusts the certificate
 	if c.TrustCertificate != nil {
author	Adnan Maolood <[email protected]>	2020-12-19 13:43:47 -0500
committer	Adnan Maolood <[email protected]>	2020-12-19 13:43:47 -0500
commit	80ffa728639659c0159e0a26d7e49df9990f761a (patch)
tree	f214010136c2fdc59c066469d56f6e91e93fa97f /client.go
parent	Add ResponseWriter.Flush function (diff)
download	go-gemini-80ffa728639659c0159e0a26d7e49df9990f761a.tar.xz go-gemini-80ffa728639659c0159e0a26d7e49df9990f761a.zip