| author | Adnan Maolood <[email protected]> | 2021-01-14 19:40:19 -0500 |
|---|---|---|
| committer | Adnan Maolood <[email protected]> | 2021-01-14 19:40:19 -0500 |
| commit | da8af5dbcb76c24f751478d0aaf46394635030e2 (patch) | |
| tree | 3eeeaeda5ad17a7384b1359622f00bb0a33bb328 /tofu | |
| parent | Update examples/auth.go (diff) | |
tofu: Update documentation
Diffstat (limited to 'tofu')
| -rw-r--r-- | tofu/tofu.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/tofu/tofu.go b/tofu/tofu.go
index e4bceab..3343a78 100644
--- a/tofu/tofu.go
+++ b/tofu/tofu.go
@@ -128,7 +128,11 @@ func (k *KnownHosts) Parse(r io.Reader) error {
 return scanner.Err()
 }
-// TOFU implements a basic Trust On First Use flow.
+// TOFU implements basic Trust on First Use.
+//
+// If the host is not on file, it is added to the list.
+// If the host on file is expired, it is replaced with the provided host.
+// If the fingerprint does not match the one on file, an error is returned.
 func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error {
 host := NewHost(hostname, cert.Raw, cert.NotAfter) |
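Review bot: The new doc comment on `TOFU` does not say which rule wins when the entry on file is expired and the presented fingerprint also differs, which is the case a caller most needs to understand. The context line `host := NewHost(hostname, cert.Raw, cert.NotAfter)` shows the stored expiry comes from the certificate's own `NotAfter`, so if expiry is checked first (the body lies outside the hunk, so this is inferred) any certificate presented after that time is pinned as on first use. I would state it explicitly, e.g. `// An expired entry is replaced without comparing fingerprints; the new certificate is trusted as on first use.`, and add `// If the fingerprint matches, nil is returned.` for the success case. Adjust the wording if the body orders the checks differently.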