Permit multiple authorised certificates per zone.

config.go

@@ -20,7 +20,7 @@ type Config struct {
 	MimeOverrides    map[string]string
 	CGIPaths         []string
 	SCGIPaths        map[string]string
-	CertificateZones map[string]string
+	CertificateZones map[string][]string
 	DirectorySort    string
 	DirectoryReverse bool
 	DirectoryTitles  bool

handler.go

@@ -94,16 +94,18 @@ func handleGeminiRequest(conn net.Conn, config Config, logEntries chan LogEntry)
 
 	// Check whether this URL is in a certificate zone
 	authorised := true
-	for zone, allowed_fingerprint := range config.CertificateZones {
+	for zone, allowedFingerprints := range config.CertificateZones {
 		matched, err := regexp.Match(zone, []byte(URL.Path))
 		if !matched || err != nil {
 			continue
 		}
 		authorised = false
-		for _, cert := range clientCerts {
+		for _, clientCert := range clientCerts {
-			if getCertFingerprint(cert) == allowed_fingerprint {
+			for _, allowedFingerprint := range allowedFingerprints {
-				authorised = true
+					if getCertFingerprint(clientCert) == allowedFingerprint {
-				break
+						authorised = true
+						break
+					}
 			}
 		}
 	}