From 688e7e28238412bf48ad3b99cbb3a715d83a77e2 Mon Sep 17 00:00:00 2001
From: Adnan Maolood <me@adnano.co>
Date: Thu, 4 Mar 2021 16:14:29 -0500
Subject: [PATCH] certificate: Fix deadlock in Store.Get

---
 certificate/store.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/certificate/store.go b/certificate/store.go
index e606221..b93f571 100644
--- a/certificate/store.go
+++ b/certificate/store.go
@@ -106,7 +106,6 @@ func (s *Store) write(scope string, cert tls.Certificate) error {
 // Get is suitable for use in a gemini.Server's GetCertificate field.
 func (s *Store) Get(hostname string) (*tls.Certificate, error) {
 	s.mu.RLock()
-	defer s.mu.RUnlock()
 	_, ok := s.scopes[hostname]
 	if !ok {
 		// Try wildcard
@@ -121,10 +120,11 @@ func (s *Store) Get(hostname string) (*tls.Certificate, error) {
 		_, ok = s.scopes["*"]
 	}
 	if !ok {
+		s.mu.RUnlock()
 		return nil, errors.New("unrecognized scope")
 	}
-
 	cert := s.certs[hostname]
+	s.mu.RUnlock()
 
 	// If the certificate is empty or expired, generate a new one.
 	if cert.Leaf == nil || cert.Leaf.NotAfter.Before(time.Now()) {