cmd/derper: in manual cert mode, don't discard error from VerifyHostname

Updates #3701 Change-Id: If8ca5104bd8221c99cc390ca49ee3401aff09b62 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-26 03:25:35 +00:00 · 2022-01-11 08:11:18 -08:00 · 2022-01-11 08:11:18 -08:00 · b8ad90c2bf
commit b8ad90c2bf
parent b1b0fd119b
1 changed files with 2 additions and 2 deletions
--- a/cmd/derper/cert.go
+++ b/cmd/derper/cert.go
@ -67,8 +67,8 @@ func NewManualCertManager(certdir, hostname string) (certProvider, error) {
 	if err != nil {
 		return nil, fmt.Errorf("can not load cert: %w", err)
 	}
-	if x509Cert.VerifyHostname(hostname) != nil {
+	if err := x509Cert.VerifyHostname(hostname); err != nil {
-		return nil, errors.New("refuse to load cert: hostname mismatch with key")
+		return nil, fmt.Errorf("cert invalid for hostname %q: %w", hostname, err)
 	}
 	return &manualCertManager{cert: &cert, hostname: hostname}, nil
 }