From fc4e77604fa697887065f6b45a7579613103795d Mon Sep 17 00:00:00 2001
From: James Houlahan
Date: Thu, 9 Jul 2020 13:19:32 +0200
Subject: [PATCH] fix: don't panic if not given tls connection in pin checker

---
 pkg/pmapi/pin_checker.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/pmapi/pin_checker.go b/pkg/pmapi/pin_checker.go
index 920ae665..a88df888 100644
--- a/pkg/pmapi/pin_checker.go
+++ b/pkg/pmapi/pin_checker.go
@@ -24,6 +24,7 @@ import (
 "crypto/x509"
 "encoding/base64"
 "encoding/pem"
+ "errors"
 "fmt"
 "net"
 "time"
@@ -50,7 +51,12 @@ func newPinChecker(trustedPins []string) pinChecker {
 
 // checkCertificate returns whether the connection presents a known TLS certificate.
 func (p *pinChecker) checkCertificate(conn net.Conn) error {
- connState := conn.(*tls.Conn).ConnectionState()
+ tlsConn, ok := conn.(*tls.Conn)
+ if !ok {
+ return errors.New("connection is not a TLS connection")
+ }
+
+ connState := tlsConn.ConnectionState()
 
 for _, peerCert := range connState.PeerCertificates {
 fingerprint := certFingerprint(peerCert)
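Review bot: `tlsConn.ConnectionState()` in checkCertificate is used without checking `connState.HandshakeComplete`; if a caller ever passes a connection whose handshake has not run, `PeerCertificates` is empty and the pin loop compares nothing. Whether that case is rejected depends on the code after the loop, which is outside this hunk, so a guard right after the call would make the fail-closed behaviour explicit: `if !connState.HandshakeComplete { return errors.New("tls handshake not complete") }`. The doc comment should also state the new contract, e.g. `// It returns an error if conn is not a *tls.Conn, so a non-TLS connection never passes the pin check.`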