| author | adnano <[email protected]> | 2020-09-26 13:27:03 -0400 |
|---|---|---|
| committer | adnano <[email protected]> | 2020-09-26 13:27:03 -0400 |
| commit | bf3e6b3c5c875d58732530cd98d8d0c026e9f773 (patch) | |
| tree | 743460f1030d208d7aed9f746c64ab58f982956a /client.go | |
| parent | Update README.md (diff) | |
Differentiate between unknown and untrusted certificates
Diffstat (limited to 'client.go')
| -rw-r--r-- | client.go | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -19,6 +19,7 @@ var (
 ErrInvalidURL = errors.New("gemini: requested URL is invalid")
 ErrCertificateNotValid = errors.New("gemini: certificate is invalid")
 ErrCertificateNotTrusted = errors.New("gemini: certificate is not trusted")
+ ErrCertificateUnknown = errors.New("gemini: certificate is unknown")
 )
 // Request represents a Gemini request.
@@ -171,7 +172,8 @@ type Client struct {
 // TrustCertificate, if not nil, will be called to determine whether the
 // client should trust the given certificate.
- TrustCertificate func(cert *x509.Certificate, knownHosts *KnownHosts) bool
+ // If error is not nil, the connection will be aborted.
+ TrustCertificate func(cert *x509.Certificate, knownHosts *KnownHosts) error
 }
 // Send sends a Gemini request and returns a Gemini response.
@@ -196,8 +198,8 @@ func (c *Client) Send(req *Request) (*Response, error) {
 if c.KnownHosts == nil || !c.KnownHosts.Has(cert) {
 return ErrCertificateNotTrusted
 }
- } else if !c.TrustCertificate(cert, c.KnownHosts) {
- return ErrCertificateNotTrusted
+ } else if err := c.TrustCertificate(cert, c.KnownHosts); err != nil {
+ return err
 }
 return nil
 },
|
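Review bot: The doc comment on the `TrustCertificate` field in `Client` says only that a non-nil error aborts the connection; it never states that a nil return is what marks the certificate as trusted, nor which errors an implementation is expected to return. With the old `bool` signature the zero value meant reject, whereas with `error` the zero value means accept, so a callback that ends in a habitual `return nil` would trust every certificate it is shown. I would extend the comment with `// A nil error means the certificate is trusted; implementations should reject by default` and `// and return ErrCertificateUnknown or ErrCertificateNotTrusted as appropriate.` (the sentinel names are presumably the intended ones, given that this commit adds `ErrCertificateUnknown`). The struct declaration starts above this hunk.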
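Review bot: The default path in `Send`, taken when `TrustCertificate` is nil, still returns `ErrCertificateNotTrusted` for both `c.KnownHosts == nil` and `!c.KnownHosts.Has(cert)`, so within this file the new `ErrCertificateUnknown` is reachable only through a caller-supplied callback. A caller relying on the default cannot tell a never-seen host from a host whose stored certificate changed, and those are the two cases the commit title sets out to separate. If `KnownHosts` cannot distinguish them here (the diffstat is limited to client.go, so its API is not visible), the limitation should at least be recorded above the check, e.g. `// Without a callback, unknown and mismatched certificates are both reported as not trusted.` The enclosing verification closure begins and ends outside this hunk.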