From 31161cf21c52aaa5da082bb5148985628afb675b Mon Sep 17 00:00:00 2001
From: Solderpunk
Date: Sun, 28 Jun 2020 14:47:36 +0200
Subject: [PATCH] Permit multiple authorised certificates per zone.
---
 config.go | 2 +-
 handler.go | 12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/config.go b/config.go
index efef53e..d089ffc 100644
--- a/config.go
+++ b/config.go
@@ -20,7 +20,7 @@ type Config struct {
 MimeOverrides map[string]string
 CGIPaths []string
 SCGIPaths map[string]string
- CertificateZones map[string]string
+ CertificateZones map[string][]string
 DirectorySort string
 DirectoryReverse bool
 DirectoryTitles bool
diff --git a/handler.go b/handler.go
index 6755c3f..c4cc0b8 100644
--- a/handler.go
+++ b/handler.go
@@ -94,16 +94,18 @@ func handleGeminiRequest(conn net.Conn, config Config, logEntries chan LogEntry)
 
 // Check whether this URL is in a certificate zone
 authorised := true
- for zone, allowed_fingerprint := range config.CertificateZones {
+ for zone, allowedFingerprints := range config.CertificateZones {
 matched, err := regexp.Match(zone, []byte(URL.Path))
 if !matched || err != nil {
 continue
 }
 authorised = false
- for _, cert := range clientCerts {
- if getCertFingerprint(cert) == allowed_fingerprint {
- authorised = true
- break
+ for _, clientCert := range clientCerts {
+ for _, allowedFingerprint := range allowedFingerprints {
+ if getCertFingerprint(clientCert) == allowedFingerprint {
+ authorised = true
+ break
+ }
 }
 }
 }
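Review bot: The `CertificateZones` field carries access-control policy but has no comment saying what its keys and values mean, and the value type has just changed shape. A field comment such as `// CertificateZones maps a path regexp to the certificate fingerprints allowed to access matching paths; an empty list admits no one.` would record what handler.go does with it. Existing config files that give a single string per zone will presumably stop decoding into `map[string][]string`; the loader is not visible here, so it is worth confirming that such a file is rejected with a clear error rather than loaded with no zones. The Config struct begins and ends outside the hunk.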
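Review bot: When a path matches more than one zone pattern, the decision is made by whichever matching zone the map yields last, because `authorised = false` is reset at every match and Go randomises map iteration order, so the same request and certificate can be accepted one time and refused the next. If the intent is that every matching zone must be satisfied, deciding per zone and stopping at the first zone the client fails makes the outcome deterministic. The `err != nil` half of the `regexp.Match` check also skips a zone whose pattern does not compile, leaving its paths open with `authorised` still true; rejecting such patterns when the config is loaded would close that. The new inner `break` leaves only the fingerprint loop, so the remaining client certificates are still fingerprinted after a match. handleGeminiRequest begins and continues outside the hunk.

```go
for zone, allowedFingerprints := range config.CertificateZones {
	// … unchanged: regexp.Match call and the !matched / err check …
	zoneAuthorised := false
certLoop:
	for _, clientCert := range clientCerts {
		fingerprint := getCertFingerprint(clientCert)
		for _, allowedFingerprint := range allowedFingerprints {
			if fingerprint == allowedFingerprint {
				zoneAuthorised = true
				break certLoop
			}
		}
	}
	if !zoneAuthorised {
		// One unsatisfied zone refuses the request, whatever order the map yields.
		authorised = false
		break
	}
}
```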