From 48fa6a724e55c35d46504be9c23336a13359fc4e Mon Sep 17 00:00:00 2001
From: Adnan Maolood
Date: Sat, 19 Dec 2020 13:44:33 -0500
Subject: [PATCH] examples/client: Fix fingerprint check

---
 examples/client.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/examples/client.go b/examples/client.go
index 5ccb3ef..f707f04 100644
--- a/examples/client.go
+++ b/examples/client.go
@@ -46,13 +46,16 @@ Otherwise, this should be safe to trust.
 => `
 
 func trustCertificate(hostname string, cert *x509.Certificate) error {
+ fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
 knownHost, ok := hosts.Lookup(hostname)
 if ok && time.Now().Before(knownHost.Expires) {
- // Certificate is in known hosts file and is not expired
- return nil
+ // Check fingerprint
+ if knownHost.Hex == fingerprint.Hex {
+ return nil
+ }
+ return errors.New("error: fingerprint does not match!")
 }
 
- fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
 fmt.Printf(trustPrompt, hostname, fingerprint.Hex)
 scanner.Scan()
 switch scanner.Text() {
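Review bot: The mismatch branch returns `errors.New("error: fingerprint does not match!")`, which names neither the host nor the two fingerprints, so a user hitting the one case trust-on-first-use exists to flag (a pinned, unexpired certificate has changed) cannot tell which host failed or compare the values. Suggest `return fmt.Errorf("certificate fingerprint for %q does not match known hosts entry (got %s, pinned %s)", hostname, fingerprint.Hex, knownHost.Hex)`, which also drops the redundant `error:` prefix and trailing `!` that Go error strings conventionally avoid. The patch adds no import line, so it builds only if `errors` is already imported in examples/client.go. The body of trustCertificate continues past the end of the hunk (the `switch scanner.Text()` arms are not visible), so how an expired entry or a declined prompt is handled cannot be checked from here.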