From be55224f89540124815c9e981423b2421b2dc944 Mon Sep 17 00:00:00 2001
From: adnano <me@adnano.co>
Date: Fri, 25 Sep 2020 20:31:03 -0400
Subject: [PATCH] Fix known host expires check

---
 README.md | 2 +-
 tofu.go   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 33eebd7..cb83665 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@ The way this is implemented in this package is like so:
 
 1. Client makes a request with `NewRequest`. The client then sends the request
 	with `Send(*Request) (*Response, error)`. The client can optionally verify
-	the server certificates with `VerifyCertificate(*x509.Certificate, *Request)`
+	the server certificate with `VerifyCertificate(*x509.Certificate, *Request)`
 2. Server recieves the request and constructs a response.
 	The server calls the `Serve(*ResponseWriter, *Request)` method on the
 	`Handler` field. The handler writes the response. The server then closes
diff --git a/tofu.go b/tofu.go
index f3d4bea..f3633e1 100644
--- a/tofu.go
+++ b/tofu.go
@@ -26,7 +26,7 @@ func (k KnownHosts) Has(hostname string, cert *x509.Certificate) bool {
 	now := time.Now().Unix()
 	fingerprint := Fingerprint(cert)
 	for i := range k {
-		if k[i].Expires < now && k[i].Hostname == hostname && k[i].Fingerprint == fingerprint {
+		if k[i].Expires > now && k[i].Hostname == hostname && k[i].Fingerprint == fingerprint {
 			return true
 		}
 	}