fix: remove port from TLS server name validation (#28)

deansheather · deansheather · commit d1b7f8087191 · 2023-07-31T10:53:44.000Z
diff --git a/derp/derphttp/derphttp_client.go b/derp/derphttp/derphttp_client.go
@@ -198,7 +198,9 @@ func (c *Client) useHTTPS(node *tailcfg.DERPNode) bool {
 // tlsServerName returns the tls.Config.ServerName value (for the TLS ClientHello).
 func (c *Client) tlsServerName(node *tailcfg.DERPNode) string {
 	if c.url != nil {
-		return c.url.Host
+		// Host contains port which breaks cert validation. Hostname() strips
+		// the port.
+		return c.url.Hostname()
 	}
 	if node == nil {
 		return ""
