mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-07 22:57:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
mikeodr/add-nixos-modules
tailscale/net/dnscache
History
Brad Fitzpatrick e92eb6b17b net/tlsdial: fix TLS cert validation of HTTPS proxies 
If you had HTTPS_PROXY=https://some-valid-cert.example.com running a
CONNECT proxy, we should've been able to do a TLS CONNECT request to
e.g. controlplane.tailscale.com:443 through that, and I'm pretty sure
it used to work, but refactorings and lack of integration tests made
it regress.

It probably regressed when we added the baked-in LetsEncrypt root cert
validation fallback code, which was testing against the wrong hostname
(the ultimate one, not the one which we were being asked to validate)

Fixes #16222

Change-Id: If014e395f830e2f87f056f588edacad5c15e91bc
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-06-18 14:20:39 -07:00
..
dnscache_test.go tstest: add method to Replace values for tests 2023-03-03 17:02:33 -08:00
dnscache.go net/tlsdial: fix TLS cert validation of HTTPS proxies 2025-06-18 14:20:39 -07:00
messagecache_test.go net/*: remove Windows exceptions for when Resolver.PreferGo didn't work 2025-06-18 10:45:20 -07:00
messagecache.go util/cmpx: delete now that we're using Go 1.22 2024-02-07 18:10:15 -08:00