server: Don't populate Request.Certificate field

Handlers should instead use the certificate provided in Request.TLS.

request.go

@@ -13,8 +13,6 @@ import (
 // by a client.
 //
 // The field semantics differ slightly between client and server usage.
-// In addition to the notes on the fields below, see the documentation
-// for Request.Write and TODO: RoundTripper.
 type Request struct {
 	// URL specifies the URL being requested (for server
 	// requests) or the URL to access (for client requests).
@@ -25,10 +23,9 @@ type Request struct {
 	// This field is ignored by the Gemini server.
 	Host string
 
-	// Certificate specifies the TLS certificate to use for the request.
+	// For client requests, Certificate optionally specifies the
-	//
+	// TLS certificate to present to the other side of the connection.
-	// On the server side, if the client provided a certificate then
+	// This field is ignored by the Gemini server.
-	// Certificate.Leaf is guaranteed to be non-nil.
 	Certificate *tls.Certificate
 
 	// RemoteAddr allows Gemini servers and other software to record
@@ -49,13 +46,18 @@ type Request struct {
 	// This field is ignored by the Gemini client.
 	TLS *tls.ConnectionState
 
-	// Context specifies the context to use for client requests.
+	// Context specifies the context to use for outgoing requests.
+	// The context controls the entire lifetime of a request and its
+	// response: obtaining a connection, sending the request, and
+	// reading the response header and body.
 	// If Context is nil, the background context will be used.
 	// This field is ignored by the Gemini server.
 	Context context.Context
 }
 
 // NewRequest returns a new request. The host is inferred from the URL.
+//
+// The returned Request is suitable for use with Client.Do.
 func NewRequest(rawurl string) (*Request, error) {
 	u, err := url.Parse(rawurl)
 	if err != nil {

server.go

@@ -230,14 +230,6 @@ func (srv *Server) respond(conn net.Conn) {
 	if tlsConn, ok := conn.(*tls.Conn); ok {
 		state := tlsConn.ConnectionState()
 		req.TLS = &state
-		if len(req.TLS.PeerCertificates) > 0 {
-			peerCert := req.TLS.PeerCertificates[0]
-			// Store the TLS certificate
-			req.Certificate = &tls.Certificate{
-				Certificate: [][]byte{peerCert.Raw},
-				Leaf:        peerCert,
-			}
-		}
 	}
 
 	// Store remote address
@@ -289,7 +281,7 @@ func (srv *Server) logf(format string, args ...interface{}) {
 // If ServeGemini panics, the server (the caller of ServeGemini) assumes that
 // the effect of the panic was isolated to the active request. It recovers
 // the panic, logs a stack trace to the server error log, and closes the
-// newtwork connection. To abort a handler so the client sees an interrupted
+// network connection. To abort a handler so the client sees an interrupted
 // response but the server doesn't log an error, panic with the value
 // ErrAbortHandler.
 type Handler interface {