/*
ucspi/cmd/tlsc -- UCSPI TLS client
-Copyright (C) 2021-2022 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2021-2023 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
cfg.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
spki := verifiedChains[0][0].RawSubjectPublicKeyInfo
hshTheir := sha256.Sum256(spki)
- if bytes.Compare(hshOur, hshTheir[:]) != 0 {
+ if !bytes.Equal(hshOur, hshTheir[:]) {
return errors.New("server certificate's SPKI hash mismatch")
}
return nil