From fbc1f761944d1ded149450e3b190da6cd1125329 Mon Sep 17 00:00:00 2001
From: adnano
Date: Tue, 29 Sep 2020 11:12:23 -0400
Subject: [PATCH] Create the certificate store if it does not exist
---
 README.md | 7 ++-----
 client.go | 4 ++++
 examples/auth/auth.go | 2 +-
 examples/client/client.go | 2 --
 gemini.go | 1 -
 5 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 780993f..503d3da 100644
--- a/README.md
+++ b/README.md
@@ -84,12 +84,10 @@ Gemini takes advantage of client certificates for authentication. If a server responds with `StatusCertificateRequired`, clients will generate a certificate for the site and resend the request with the provided certificate. -The default client handles this for you. Other clients must specify the fields -`CertificateStore` and `GetCertificate`: +The default client handles this for you. Other clients must specify the field +`GetCertificate`: ```go -// Initialize the certificate store. -client.CertificateStore = gmi.CertificateStore{} // GetCertificate is called when a server requests a certificate. // The returned certificate, if not nil, will be used when resending the request. client.GetCertificate = func(hostname string, store gmi.CertificateStore) *tls.Certificate {
@@ -109,7 +107,6 @@ client.GetCertificate = func(hostname string, store gmi.CertificateStore) *tls.C } ``` - Servers can then authenticate their clients with the fingerprint of their certificates.
diff --git a/client.go b/client.go
index 6cd7baf..5d28b84 100644
--- a/client.go
+++ b/client.go
@@ -276,6 +276,10 @@ func (c *Client) Send(req *Request) (*Response, error) {
 if req.Certificate != nil {
 return resp, nil
 }
+ // Create the certificate store if it does not exist
+ if c.CertificateStore == nil {
+ c.CertificateStore = CertificateStore{}
+ }
 if c.GetCertificate != nil {
 if cert := c.GetCertificate(req.Hostname(), c.CertificateStore); cert != nil {
 req.Certificate = cert
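Review bot: The nil check and assignment of `c.CertificateStore` added in `Send` are unsynchronized, so two goroutines calling `Send` on the same `Client` (for instance the package-level `DefaultClient`) can race on the field, and on the map itself if a `GetCertificate` callback writes to the store. Before this commit the default client's store was set in `setupDefaultClient`, which the `setupDefaultClientOnce` variable in gemini.go suggests runs under a `sync.Once`, so this path was previously initialized once. If `Client` is meant to be safe for concurrent use, guard the initialization and the store accesses with a mutex on `Client`; otherwise state the restriction in the doc comment, e.g. `// A Client must not be used by multiple goroutines at once; Send may initialize CertificateStore.` The body of `Send` starts and continues outside the hunk.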
diff --git a/examples/auth/auth.go b/examples/auth/auth.go
index ba12096..7e2b751 100644
--- a/examples/auth/auth.go
+++ b/examples/auth/auth.go
@@ -79,7 +79,7 @@ func login(rw *gmi.ResponseWriter, req *gmi.Request) {
 sessions[fingerprint] = &session{
 username: username,
 }
- gmi.Redirect(rw, req, "/login#password")
+ gmi.Redirect(rw, req, "/login/password")
 })
 })
 }
diff --git a/examples/client/client.go b/examples/client/client.go
index 14d17fe..534c5a3 100644
--- a/examples/client/client.go
+++ b/examples/client/client.go
@@ -48,8 +48,6 @@ func init() {
 }
 return err
 }
-
- client.CertificateStore = gmi.CertificateStore{}
 client.GetCertificate = func(hostname string, store gmi.CertificateStore) *tls.Certificate {
 // If the certificate is in the store, return it
 if cert, ok := store[hostname]; ok {
diff --git a/gemini.go b/gemini.go
index 81181d6..e3f2562 100644
--- a/gemini.go
+++ b/gemini.go
@@ -76,7 +76,6 @@ func init() {
 var setupDefaultClientOnce sync.Once
 func setupDefaultClient() {
- DefaultClient.CertificateStore = CertificateStore{}
 DefaultClient.KnownHosts.Load()
 }
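Review bot: In examples/auth/auth.go the session for this fingerprint is stored in `sessions` before the redirect to `/login/password`, so an entry already exists for a client that has supplied only a username. Whether presence in `sessions` alone is treated as logged in is decided outside this hunk; if it is, the password check would not actually be enforced. A comment above the redirect would make the intended state explicit, e.g. `// Not yet authenticated: /login/password must verify the password before this session is trusted.` The handler for `/login/password` and the rest of `login` are outside the hunk.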