examples/client: Fix fingerprint checkv0.1.10

author: Adnan Maolood <[email protected]> 2020-12-19 13:44:33 -0500
committer: Adnan Maolood <[email protected]> 2020-12-19 13:44:33 -0500
commit: 48fa6a724e55c35d46504be9c23336a13359fc4e (patch)
tree: b32b8df47b7d22b86bde0ae4067845d31d962396 /examples
parent: client: Verify expiration time (diff)
download: go-gemini-48fa6a724e55c35d46504be9c23336a13359fc4e.tar.xz
go-gemini-48fa6a724e55c35d46504be9c23336a13359fc4e.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/examples/client.go b/examples/client.go
index 5ccb3ef..f707f04 100644
--- a/examples/client.go
+++ b/examples/client.go
@@ -46,13 +46,16 @@ Otherwise, this should be safe to trust.
 => `
 
 func trustCertificate(hostname string, cert *x509.Certificate) error {
+	fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
 	knownHost, ok := hosts.Lookup(hostname)
 	if ok && time.Now().Before(knownHost.Expires) {
-		// Certificate is in known hosts file and is not expired
-		return nil
+		// Check fingerprint
+		if knownHost.Hex == fingerprint.Hex {
+			return nil
+		}
+		return errors.New("error: fingerprint does not match!")
 	}
 
-	fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
 	fmt.Printf(trustPrompt, hostname, fingerprint.Hex)
 	scanner.Scan()
 	switch scanner.Text() {
author	Adnan Maolood <[email protected]>	2020-12-19 13:44:33 -0500
committer	Adnan Maolood <[email protected]>	2020-12-19 13:44:33 -0500
commit	48fa6a724e55c35d46504be9c23336a13359fc4e (patch)
tree	b32b8df47b7d22b86bde0ae4067845d31d962396 /examples
parent	client: Verify expiration time (diff)
download	go-gemini-48fa6a724e55c35d46504be9c23336a13359fc4e.tar.xz go-gemini-48fa6a724e55c35d46504be9c23336a13359fc4e.zip