tlsConfig.VerifyConnection = func(s tls.ConnectionState) error {
spki := s.VerifiedChains[0][0].RawSubjectPublicKeyInfo
theirDgst := sha256.Sum256(spki)
- if bytes.Compare(ourDgst, theirDgst[:]) != 0 {
+ if !bytes.Equal(ourDgst, theirDgst[:]) {
return errors.New("certificate's SPKI digest mismatch")
}
return nil