From f6c1ee81806c8b147f694c0f30100b8645ddb21b Mon Sep 17 00:00:00 2001
From: xfy <i@rua.plus>
Date: Wed, 3 Jun 2026 01:09:40 +0800
Subject: [PATCH] fix(proxy): log error when upstream TLS config creation fails

Previously the error was silently swallowed, causing the proxy to
fall back to default TLS settings (no custom CA, no mTLS, no SNI)
without any indication. Now the error is logged at ERROR level.
---
 internal/proxy/proxy.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/proxy/proxy.go b/internal/proxy/proxy.go
index 3b86256..3a28e53 100644
--- a/internal/proxy/proxy.go
+++ b/internal/proxy/proxy.go
@@ -337,7 +337,9 @@ func createHostClient(targetURL string, timeout config.ProxyTimeout, transportCf
 	// 上游 SSL 配置（使用原生 TLSConfig）
 	if sslCfg != nil && sslCfg.Enabled && isTLS {
 		tlsCfg, err := CreateTLSConfig(sslCfg, extractHostFromURL(targetURL))
-		if err == nil {
+		if err != nil {
+			logging.Error().Err(err).Str("target", targetURL).Msg("Failed to create upstream TLS config")
+		} else {
 			client.TLSConfig = tlsCfg
 		}
 	}