cmd/derper: in manual cert mode, don't discard error from VerifyHostname

bradfitz · bradfitz · commit b8ad90c2bf89 · 2022-01-11T08:40:42.000-08:00
Updates tailscale#3701 Change-Id: If8ca5104bd8221c99cc390ca49ee3401aff09b62 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
diff --git a/cmd/derper/cert.go b/cmd/derper/cert.go
@@ -67,8 +67,8 @@ func NewManualCertManager(certdir, hostname string) (certProvider, error) {
 	if err != nil {
 		return nil, fmt.Errorf("can not load cert: %w", err)
 	}
-	if x509Cert.VerifyHostname(hostname) != nil {
-		return nil, errors.New("refuse to load cert: hostname mismatch with key")
+	if err := x509Cert.VerifyHostname(hostname); err != nil {
+		return nil, fmt.Errorf("cert invalid for hostname %q: %w", hostname, err)
 	}
 	return &manualCertManager{cert: &cert, hostname: hostname}, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -67,8 +67,8 @@ func NewManualCertManager(certdir, hostname string) (certProvider, error) {`
`67`	`67`	`if err != nil {`
`68`	`68`	`return nil, fmt.Errorf("can not load cert: %w", err)`
`69`	`69`	`}`
`70`		`- if x509Cert.VerifyHostname(hostname) != nil {`
`71`		`- return nil, errors.New("refuse to load cert: hostname mismatch with key")`
	`70`	`+ if err := x509Cert.VerifyHostname(hostname); err != nil {`
	`71`	`+ return nil, fmt.Errorf("cert invalid for hostname %q: %w", hostname, err)`
`72`	`72`	`}`
`73`	`73`	`return &manualCertManager{cert: &cert, hostname: hostname}, nil`
`74`	`74`	`}`