Don't check if certificate is expired
parent
520d0a7fb1
commit
a5712c7705
@ -214,9 +214,9 @@ func (c *Client) verifyConnection(req *Request, cs tls.ConnectionState) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
// Check the known hosts
|
// Check the known hosts
|
||||||
|
// No need to check if it is expired as tls already does that
|
||||||
knownHost, ok := c.KnownHosts.Lookup(hostname)
|
knownHost, ok := c.KnownHosts.Lookup(hostname)
|
||||||
if ok && time.Now().After(cert.NotAfter) {
|
if ok {
|
||||||
// Not expired
|
|
||||||
fingerprint := NewFingerprint(cert)
|
fingerprint := NewFingerprint(cert)
|
||||||
if knownHost.Hex != fingerprint.Hex {
|
if knownHost.Hex != fingerprint.Hex {
|
||||||
return errors.New("gemini: fingerprint does not match")
|
return errors.New("gemini: fingerprint does not match")
|
||||||
@ -224,7 +224,6 @@ func (c *Client) verifyConnection(req *Request, cs tls.ConnectionState) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Unknown certificate
|
|
||||||
// See if the client trusts the certificate
|
// See if the client trusts the certificate
|
||||||
if c.TrustCertificate != nil {
|
if c.TrustCertificate != nil {
|
||||||
switch c.TrustCertificate(hostname, cert) {
|
switch c.TrustCertificate(hostname, cert) {
|
||||||
|
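Review bot: The new comment `// No need to check if it is expired as tls already does that` holds only when crypto/tls runs its standard chain verification. If the tls.Config that installs verifyConnection sets InsecureSkipVerify (not visible on this page, but usual for trust-on-first-use with self-signed certificates), nothing checks the validity period, and after this change a known host presenting an expired certificate is accepted whenever the fingerprint matches. If expiry should still be enforced, add an explicit guard before the lookup, such as `if time.Now().After(cert.NotAfter) { return errors.New("gemini: certificate expired") }` (the message text is only a suggestion); otherwise reword the comment to say expiry is deliberately ignored, e.g. `// Expiry is not enforced here; the pinned fingerprint is the trust decision`. The removed condition ran the fingerprint comparison only for certificates already past NotAfter, so dropping it is right either way. verifyConnection starts and ends outside both hunks, so the TLS configuration and the outcomes of the TrustCertificate switch need to be checked there.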