Index: Makefile
==================================================================
--- Makefile
+++ Makefile
@@ -1,11 +1,11 @@
 CC = gcc
 PKG_CONFIG = pkg-config
 FUSE_CFLAGS = $(shell $(PKG_CONFIG) --cflags fuse)
 CFLAGS_DEBUG = -Wall -g3 -ggdb3 -DDEBUG=1 -UNDEBUG -O0 -DAPPFS_EXIT_PATH=1
 CFLAGS_RELEASE = -Wall -UDEBUG -DNDEBUG=1 -O3
-CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_DEBUG)
+CFLAGS = $(FUSE_CFLAGS) $(TCL_CFLAGS) $(CFLAGS_RELEASE)
 LDFLAGS = $(TCL_LDFLAGS)
 FUSE_LIBS = $(shell $(PKG_CONFIG) --libs fuse)
 LIBS = $(FUSE_LIBS) $(TCL_LIBS)
 PREFIX = /usr/local
 prefix = $(PREFIX)

Index: appfsd.tcl
==================================================================
--- appfsd.tcl
+++ appfsd.tcl
@@ -94,10 +94,14 @@
 			return false
 		}
 
 		return true
 	}
+
+	proc _verifySignatureAndCertificate {certificate signature} {
+		return true
+	}
 
 	proc _normalizeOS {os} {
 		set os [string tolower [string trim $os]]
 
 		switch -- $os {
@@ -227,15 +231,23 @@
 			db eval {INSERT OR REPLACE INTO sites (hostname, lastUpdate, ttl) VALUES ($hostname, $now, $::appfs::nttl);}
 
 			return -code error "Unable to fetch $url"
 		}
 
-		set indexhash [lindex [split $indexhash_data ","] 0]
+		set indexhash_data [split $indexhash_data ","]
+		set indexhash [lindex $indexhash_data 0]
+		set indexhashmethod [lindex $indexhash_data 1]
+		set indexhashcert   [lindex $indexhash_data 2]
+		set indexhashsig    [lindex $indexhash_data 3]
 
 		if {![_isHash $indexhash]} {
 			return -code error "Invalid hash: $indexhash"
 		}
+
+		if {![_verifySignatureAndCertificate $indexhashcert $indexhashsig]} {
+			return -code error "Invalid signature or certificate from $hostname"
+		}
 
 		set file [download $hostname $indexhash]
 		set fd [open $file]
 		set data [read $fd]
 		close $fd