Certificates that can't be loaded are fatal

DNSCrypt · Mar 24, 2020 · 315f6f4 · 315f6f4
1 parent 2670caa
commit 315f6f4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/dnscrypt-proxy/serversInfo.go b/dnscrypt-proxy/serversInfo.go
@@ -407,7 +407,7 @@ func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isN
 		dohClientCreds, ok = (*proxy.dohCreds)["*"]
 	}
 	if ok {
-		dlog.Noticef("[%s] Cert: %s, Key: %s", name, dohClientCreds.clientCert, dohClientCreds.clientKey)
+		dlog.Noticef("Enabling TLS authentication for [%s]", name)
 		proxy.xTransport.tlsClientCreds = dohClientCreds
 		proxy.xTransport.rebuildTransport()
 	}

diff --git a/dnscrypt-proxy/xtransport.go b/dnscrypt-proxy/xtransport.go
@@ -162,7 +162,7 @@ func (xTransport *XTransport) rebuildTransport() {
 	if (clientCreds != DOHClientCreds{}) {
 		cert, err := tls.LoadX509KeyPair(clientCreds.clientCert, clientCreds.clientKey)
 		if err != nil {
-			dlog.Error(err)
+			dlog.Fatalf("Unable to use certificate [%v] (key: [%v]): %v", clientCreds.clientCert, clientCreds.clientKey, err)
 		}
 		tlsClientConfig.Certificates = []tls.Certificate{cert}
 	}