mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-06 22:27:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
e92eb6b17b
tailscale/net/tlsdial
History
Brad Fitzpatrick e92eb6b17b net/tlsdial: fix TLS cert validation of HTTPS proxies 
If you had HTTPS_PROXY=https://some-valid-cert.example.com running a
CONNECT proxy, we should've been able to do a TLS CONNECT request to
e.g. controlplane.tailscale.com:443 through that, and I'm pretty sure
it used to work, but refactorings and lack of integration tests made
it regress.

It probably regressed when we added the baked-in LetsEncrypt root cert
validation fallback code, which was testing against the wrong hostname
(the ultimate one, not the one which we were being asked to validate)

Fixes #16222

Change-Id: If014e395f830e2f87f056f588edacad5c15e91bc
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-06-18 14:20:39 -07:00
..
blockblame net/tlsdial: call out firewalls blocking Tailscale in health warnings (#13840) 2024-10-19 00:35:46 +00:00
deps_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
tlsdial_test.go net/tlsdial: fix TLS cert validation of HTTPS proxies 2025-06-18 14:20:39 -07:00
tlsdial.go net/tlsdial: fix TLS cert validation of HTTPS proxies 2025-06-18 14:20:39 -07:00