From b2ae8fdf80496bef4626a9894bbd18c2fbf3e9e2 Mon Sep 17 00:00:00 2001
From: Thomas Kosiewski
Date: Tue, 24 Oct 2023 16:27:29 +0200
Subject: [PATCH] derp/derphttp: strip port numbers from URL hostname

When trying to set up multiple derper instances meshing with each other, it turned out that while one can specify an alternative listening port using the -a flag, the TLS hostname gets incorrectly determined and includes the set alternative listening port as part of the hostname. Thus, the TLS hostname validation always fails when the -mesh-with values have ports.
Updates #9949
Signed-off-by: Thomas Kosiewski
---
 derp/derphttp/derphttp_client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/derp/derphttp/derphttp_client.go b/derp/derphttp/derphttp_client.go
index 3bd314464..3327ab43a 100644
--- a/derp/derphttp/derphttp_client.go
+++ b/derp/derphttp/derphttp_client.go
@@ -226,7 +226,7 @@ func (c *Client) useHTTPS() bool {
 // tlsServerName returns the tls.Config.ServerName value (for the TLS ClientHello).
 func (c *Client) tlsServerName(node *tailcfg.DERPNode) string {
 if c.url != nil {
- return c.url.Host
+ return c.url.Hostname()
 }
 return node.HostName
 }
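Review bot: The doc comment on tlsServerName still describes the value only as the ClientHello server name, so nothing records that the port has to be stripped, which is the property this fix depends on. tls.Config.ServerName is also the name the peer certificate is verified against, so I would extend the comment with something like `// The port is stripped (url.Hostname, not url.Host): ServerName is matched against the certificate, and "host:port" never verifies.` A small table test calling tlsServerName with a URL that carries an explicit port, and one with a bracketed IPv6 literal, would pin the behaviour and catch a revert to `c.url.Host`. Whether other code in this file still derives a TLS name from `c.url.Host` cannot be seen from this hunk and is worth a quick grep.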