examples/client: Fix fingerprint check

2024-09-19 23:01:37 +02:00 · 2020-12-19 13:44:33 -05:00 · 2020-12-19 13:44:33 -05:00 · add315920c
commit add315920c
parent a9922727e9
1 changed files with 6 additions and 3 deletions
--- a/examples/client.go
+++ b/examples/client.go
@ -46,13 +46,16 @@ Otherwise, this should be safe to trust.
 => `

 func trustCertificate(hostname string, cert *x509.Certificate) error {
+	fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
 	knownHost, ok := hosts.Lookup(hostname)
 	if ok && time.Now().Before(knownHost.Expires) {
-		// Certificate is in known hosts file and is not expired
-		return nil
+		// Check fingerprint
+		if knownHost.Hex == fingerprint.Hex {
+			return nil
+		}
+		return errors.New("error: fingerprint does not match!")
 	}

-	fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
 	fmt.Printf(trustPrompt, hostname, fingerprint.Hex)
 	scanner.Scan()
 	switch scanner.Text() {