Pull request: 4927-imp-ui

Updates #4927. Squashed commit of the following: commit 510143325805133e379ebc207cdc6bff59c94ade Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Nov 22 15:00:13 2022 +0300 home: imp err commit fd65a9914494b6dccdee7c0f0aa08bce80ce0945 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Nov 21 18:53:39 2022 +0300 client: imp validation ui
2022-11-22 17:07:49 +03:00
parent 93882d6860
commit 08282dc4d9
3 changed files with 30 additions and 7 deletions
--- a/internal/home/tls.go
+++ b/internal/home/tls.go
@@ -513,6 +513,11 @@ func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
 	return nil
 }

+// errNoIPInCert is the error that is returned from [parseCertChain] if the leaf
+// certificate doesn't contain IPs.
+const errNoIPInCert errors.Error = `certificates has no IP addresses; ` +
+	`DNS-over-TLS won't be advertised via DDR`
+
 // parseCertChain parses the certificate chain from raw data, and returns it.
 // If ok is true, the returned error, if any, is not critical.
 func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) {
@@ -535,8 +540,7 @@ func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err
 	log.Info("tls: number of certs: %d", len(parsedCerts))

 	if !aghtls.CertificateHasIP(parsedCerts[0]) {
-		err = errors.Error(`certificate has no IP addresses` +
-			`, this may cause issues with DNS-over-TLS clients`)
+		err = errNoIPInCert
 	}

 	return parsedCerts, true, err