From a5712c7705aeabdf1701a8af025f8f5c70e4015c Mon Sep 17 00:00:00 2001
From: Adnan Maolood
Date: Thu, 5 Nov 2020 18:35:25 -0500
Subject: [PATCH] Don't check if certificate is expired
---
 client.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/client.go b/client.go
index b25165c..a478125 100644
--- a/client.go
+++ b/client.go
@@ -214,9 +214,9 @@ func (c *Client) verifyConnection(req *Request, cs tls.ConnectionState) error {
 return nil
 }
 // Check the known hosts
+ // No need to check if it is expired as tls already does that
 knownHost, ok := c.KnownHosts.Lookup(hostname)
- if ok && time.Now().After(cert.NotAfter) {
- // Not expired
+ if ok {
 fingerprint := NewFingerprint(cert)
 if knownHost.Hex != fingerprint.Hex {
 return errors.New("gemini: fingerprint does not match")
@@ -224,7 +224,6 @@ func (c *Client) verifyConnection(req *Request, cs tls.ConnectionState) error {
 return nil
 }
 
- // Unknown certificate
 // See if the client trusts the certificate
 if c.TrustCertificate != nil {
 switch c.TrustCertificate(hostname, cert) {
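Review bot: The new comment in the known-hosts branch says expiry needs no check because tls already does it, but that holds only when crypto/tls runs its standard chain verification. If the tls.Config that invokes verifyConnection sets `InsecureSkipVerify` (usual for trust-on-first-use with self-signed certificates; the config is not visible in this hunk), the validity period is never checked, so a pinned certificate past `NotAfter` is accepted whenever its fingerprint matches. Either keep an explicit guard ahead of the fingerprint comparison, e.g. `if time.Now().After(cert.NotAfter) { return errors.New("gemini: certificate expired") }`, or reword the comment to say that expired pinned certificates are accepted on purpose. verifyConnection starts and ends outside the hunk.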