tailscale/control/controlhttp
Brad Fitzpatrick | e92eb6b17b | net/tlsdial: fix TLS cert validation of HTTPS proxies
If you had HTTPS_PROXY=https://some-valid-cert.example.com running a
CONNECT proxy, we should've been able to do a TLS CONNECT request to
e.g. controlplane.tailscale.com:443 through that, and I'm pretty sure
it used to work, but refactorings and lack of integration tests made
it regress.

It probably regressed when we added the baked-in LetsEncrypt root cert
validation fallback code, which was testing against the wrong hostname
(the ultimate one, not the one which we were being asked to validate).

Fixes #16222

Change-Id: If014e395f830e2f87f056f588edacad5c15e91bc
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-06-18 14:20:39 -07:00
controlhttpcommon | control/controlhttp/controlhttpserver: split out Accept to its own package | 2024-11-07 22:29:41 -08:00
controlhttpserver | derp/derphttp: don't link websockets other than on GOOS=js | 2024-11-07 22:29:41 -08:00
client_common.go | all: update copyright and license headers | 2023-01-27 15:36:29 -08:00
client_js.go | derp/derphttp: don't link websockets other than on GOOS=js | 2024-11-07 22:29:41 -08:00
client.go | net/tlsdial: fix TLS cert validation of HTTPS proxies | 2025-06-18 14:20:39 -07:00
constants.go | net/{netx,memnet},all: add netx.DialFunc, move memnet Network impl | 2025-04-08 10:07:47 -07:00
http_test.go | derp/derphttp: remove ban on websockets dependency | 2025-04-16 10:10:45 -07:00