main.go    |  2 +-
 refresh.go | 10 ++++++++++

diff --git a/main.go b/main.go
index 60fc96e2cde6bbfb171da6f8361a85e612460e699487cc24f3db3975e9375472..4a94b8b73284a5e2903df3c301c9795fa04ad8999ffedcca0aae7e75c21c6b69 100644
--- a/main.go
+++ b/main.go
@@ -44,7 +44,7 @@ 	"golang.org/x/net/netutil"
 )
 
 const (
-	Version   = "3.1.0"
+	Version   = "3.2.0"
 	UserAgent = "GoCheese/" + Version
 )
 
diff --git a/refresh.go b/refresh.go
index 3b7f4743252119c5b7f5affaebda567340fc63f3e04072f825c7cda2734c20a0..0bef92fc290175cfeeef0adb2bccff0dc19250e71f7a154373d7be40cff7e521 100644
--- a/refresh.go
+++ b/refresh.go
@@ -25,6 +25,7 @@ 	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/hex"
 	"encoding/json"
+	"errors"
 	"hash"
 	"io"
 	"io/ioutil"
@@ -425,6 +426,15 @@ 				log.Println(r.RemoteAddr, "pypi", filename, "digest mismatch")
 				os.Remove(dst.Name())
 				dst.Close()
 				http.Error(w, "digest mismatch", http.StatusBadGateway)
+				return false
+			}
+			if digestStored, err := ioutil.ReadFile(path + "." + hashAlgo); err == nil &&
+				bytes.Compare(digest, digestStored) != 0 {
+				err = errors.New("stored digest mismatch")
+				log.Println("error", r.RemoteAddr, "pypi", filename, err)
+				os.Remove(dst.Name())
+				dst.Close()
+				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return false
 			}
 			if !NoSync {