mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-06 14:17:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
main
tailscale/net/dnsfallback
History
Brad Fitzpatrick e92eb6b17b net/tlsdial: fix TLS cert validation of HTTPS proxies 
If you had HTTPS_PROXY=https://some-valid-cert.example.com running a
CONNECT proxy, we should've been able to do a TLS CONNECT request to
e.g. controlplane.tailscale.com:443 through that, and I'm pretty sure
it used to work, but refactorings and lack of integration tests made
it regress.

It probably regressed when we added the baked-in LetsEncrypt root cert
validation fallback code, which was testing against the wrong hostname
(the ultimate one, not the one which we were being asked to validate)

Fixes #16222

Change-Id: If014e395f830e2f87f056f588edacad5c15e91bc
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-06-18 14:20:39 -07:00
..
dns-fallback-servers.json net/dnsfallback: set CanPort80 in static DERPMap (#12929) 2024-07-26 13:04:12 -07:00
dnsfallback_test.go net/netmon: publish events to event bus 2025-04-16 10:10:45 -07:00
dnsfallback.go net/tlsdial: fix TLS cert validation of HTTPS proxies 2025-06-18 14:20:39 -07:00
update-dns-fallbacks.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00