mirrors/tailscale
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity
08dd4994d0
tailscale/net/tlsdial
History
Brad Fitzpatrick 150cd30b1d ipn/ipnlocal: also use LetsEncrypt-baked-in roots for cert validation 
We previously baked in the LetsEncrypt x509 root CA for our tlsdial
package.

This moves that out into a new "bakedroots" package and is now also
shared by ipn/ipnlocal's cert validation code (validCertPEM) that
decides whether it's time to fetch a new cert.

Otherwise, a machine without LetsEncrypt roots locally in its system
roots is unable to use tailscale cert/serve and fetch certs.

Fixes #14690

Change-Id: Ic88b3bdaabe25d56b9ff07ada56a27e3f11d7159
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-01-21 17:47:55 -08:00
..
blockblame net/tlsdial: call out firewalls blocking Tailscale in health warnings (#13840) 2024-10-19 00:35:46 +00:00
deps_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
tlsdial_test.go ipn/ipnlocal: also use LetsEncrypt-baked-in roots for cert validation 2025-01-21 17:47:55 -08:00
tlsdial.go ipn/ipnlocal: also use LetsEncrypt-baked-in roots for cert validation 2025-01-21 17:47:55 -08:00