diff --git a/client.go b/client.go
index 57a7d67..6b10ff5 100644
--- a/client.go
+++ b/client.go
@@ -28,7 +28,7 @@ type Client struct {
 Timeout time.Duration
 // InsecureTrustAlways specifies whether the client should trust
- // any certificate it recieves without checking KnownHosts
+ // any certificate it receives without checking KnownHosts
 // or calling TrustCertificate.
 // Use with caution.
 InsecureTrustAlways bool
diff --git a/examples/client.go b/examples/client.go
index 0a35cca..4c9b172 100644
--- a/examples/client.go
+++ b/examples/client.go
@@ -5,6 +5,7 @@ package main
 import (
 "bufio"
 "crypto/tls"
+ "crypto/x509"
 "fmt"
 "io/ioutil"
 "log"
@@ -30,6 +31,19 @@ var (
 func init() {
 client.Timeout = 2 * time.Minute
+ client.KnownHosts.LoadDefault()
+ client.TrustCertificate = func(hostname string, cert *x509.Certificate) gemini.Trust {
+ fmt.Printf(trustPrompt, hostname, gemini.Fingerprint(cert))
+ scanner.Scan()
+ switch scanner.Text() {
+ case "t":
+ return gemini.TrustAlways
+ case "o":
+ return gemini.TrustOnce
+ default:
+ return gemini.TrustNone
+ }
+ }
 client.CreateCertificate = func(hostname, path string) (tls.Certificate, error) {
 fmt.Println("Generating client certificate for", hostname, path)
 return gemini.CreateCertificate(gemini.CertificateOptions{
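Review bot: The result of `client.KnownHosts.LoadDefault()` at the top of `init` in examples/client.go is discarded, so if the call can fail (its signature is not visible in this diff) the example would start with no pinned hosts and send every server, including ones pinned earlier, to the interactive prompt as though it were new. Assuming it returns an error, report it before the first request: `if err := client.KnownHosts.LoadDefault(); err != nil { log.Println("known hosts not loaded:", err) }`. The `TrustCertificate` callback fails closed, because an empty or unrecognized answer lands in `default` and returns `gemini.TrustNone`. A one-line comment such as `// anything other than "t" or "o" rejects the certificate` would keep that property visible to later editors. `init` continues past the end of the hunk.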