TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-02-27 10:47:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

derp: set NotBefore and NotAfter in DERP server's metacert

Browse Source 
Fixes regression from e4159912560d611ee23ba187ceb14c0de1ff3d82 that
only affected Windows users because Go only on Windows delegates x509
cert validation to the OS and Windows as unhappy with our "metacert"
lacking NotBefore and NotAfter.

Fixes #705
This commit is contained in:
Brad Fitzpatrick 2020-08-24 14:55:26 -07:00
parent a903d6c2ed
commit 169ff22a84
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
derp/derp_server.go
View File

@ -306,6 +306,9 @@ func (s *Server) initMetacert() {
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: fmt.Sprintf("derpkey%x", s.publicKey[:]), CommonName: fmt.Sprintf("derpkey%x", s.publicKey[:]),
}, },
// Windows requires NotAfter and NotBefore set:
NotAfter: time.Now().Add(30 * 24 * time.Hour),
NotBefore: time.Now().Add(-30 * 24 * time.Hour),
} }
cert, err := x509.CreateCertificate(crand.Reader, tmpl, tmpl, pub, priv) cert, err := x509.CreateCertificate(crand.Reader, tmpl, tmpl, pub, priv)
if err != nil { if err != nil {