fix(dgw): ensure the hostname matches TLS certificate (#648)

Warning logs are ignored at this point (logger not yet initialized), so it doesn’t really help. Since specifying a hostname not matching the TLS subject name is a configuration error, we now return an error upon loading the configuration.Log warnings are ignored at this point, so it doesn’t really help.
Devolutions · Jan 16, 2024 · 6ebee46 · 6ebee46
1 parent b2244a9
commit 6ebee46
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/devolutions-gateway/src/config.rs b/devolutions-gateway/src/config.rs
@@ -181,9 +181,10 @@ impl Conf {
                     .clone()
                     .context("TLS usage implied, but TLS certificate subject name is missing")?;
 
-                if !crate::utils::wildcard_host_match(&cert_subject_name, &hostname) {
-                    warn!("Gateway hostname doesn’t match the TLS certificate subject name configured");
-                }
+                anyhow::ensure!(
+                    crate::utils::wildcard_host_match(&cert_subject_name, &hostname),
+                    "hostname doesn’t match the TLS certificate subject name configured",
+                );
 
                 let store_location = conf_file.tls_certificate_store_location.unwrap_or_default();