From 74cb1d3d52f4c01cbfb44c1b50d204462f3124c7 Mon Sep 17 00:00:00 2001
From: David Jones <dxjones@gmail.com>
Date: Wed, 24 Oct 2018 15:56:48 +0000
Subject: [PATCH] acme/autocert: include rejected hostname in TLS handshake
 error when host not configured

More informative error message enables HTTPS server configuration mistakes to be corrected quickly, since log files will now include the rejected hostname.  If the hostname should be accepted, it can be added to the HostWhitelist Policy.

Fixes golang/go#28345

Change-Id: I801c82f0d3b19bc34592c9cd0bce77f1b284d19d
GitHub-Last-Rev: 5dfe731d732d693f9bdd79c8a74efd30a2f56d0b
GitHub-Pull-Request: golang/crypto#63
Reviewed-on: https://go-review.googlesource.com/c/144337
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
 acme/autocert/autocert.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acme/autocert/autocert.go b/acme/autocert/autocert.go
index 4c2fc072..a50d9bfc 100644
--- a/acme/autocert/autocert.go
+++ b/acme/autocert/autocert.go
@@ -69,7 +69,7 @@ func HostWhitelist(hosts ...string) HostPolicy {
 	}
 	return func(_ context.Context, host string) error {
 		if !whitelist[host] {
-			return errors.New("acme/autocert: host not configured")
+			return fmt.Errorf("acme/autocert: host %q not configured in HostWhitelist", host)
 		}
 		return nil
 	}