cfg.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
spki := verifiedChains[0][0].RawSubjectPublicKeyInfo
hshTheir := sha256.Sum256(spki)
- if bytes.Compare(hshOur, hshTheir[:]) != 0 {
+ if !bytes.Equal(hshOur, hshTheir[:]) {
return errors.New("server certificate's SPKI hash mismatch")
}
return nil