Remove (*KnownHosts).Has function

client.go

@@ -195,8 +195,10 @@ func (c *Client) Send(req *Request) (*Response, error) {
 			}
 			// Check that the client trusts the certificate
 			if c.TrustCertificate == nil {
-				if c.KnownHosts == nil || !c.KnownHosts.Has(cert) {
+				if c.KnownHosts == nil {
 					return ErrCertificateNotTrusted
+				} else if err := c.KnownHosts.Lookup(cert); err != nil {
+					return err
 				}
 			} else if err := c.TrustCertificate(cert, c.KnownHosts); err != nil {
 				return err

tofu.go

@@ -57,20 +57,6 @@ func (k *KnownHosts) Add(cert *x509.Certificate) {
 	}
 }
 
-// Has reports whether the provided certificate is in the list.
-func (k *KnownHosts) Has(cert *x509.Certificate) bool {
-	now := time.Now().Unix()
-	hostname := cert.Subject.CommonName
-	fingerprint := Fingerprint(cert)
-	for i := range k.hosts {
-		if k.hosts[i].Expires > now && k.hosts[i].Hostname == hostname &&
-			k.hosts[i].Fingerprint == fingerprint {
-			return true
-		}
-	}
-	return false
-}
-
 // Lookup looks for the provided certificate in the list of known hosts.
 // If the hostname is in the list, but the fingerprint differs,
 // Lookup returns ErrCertificateNotTrusted.