cmd/derper, net/tlsdial: fix client's self-signed cert validation

This fixes the implementation and test from #15208 which apparently never worked. Ignore the metacert when counting the number of expected certs presented. And fix the test, pulling out the TLSConfig setup code into something shared between the real cmd/derper and the test. Fixes #15579 Change-Id: I90526e38e59f89b480629b415f00587b107de10a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-14 06:57:31 +00:00 · 2025-05-19 08:39:55 -07:00
parent b5770c81c9
commit 8009ad74a3
11 changed files with 77 additions and 27 deletions
--- a/derp/derp_server.go
+++ b/derp/derp_server.go
@@ -11,6 +11,7 @@ import (
 	"context"
 	"crypto/ed25519"
 	crand "crypto/rand"
+	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/binary"
@@ -38,6 +39,7 @@ import (
 	"golang.org/x/sync/errgroup"
 	"tailscale.com/client/local"
 	"tailscale.com/client/tailscale"
+	"tailscale.com/derp/derpconst"
 	"tailscale.com/disco"
 	"tailscale.com/envknob"
 	"tailscale.com/metrics"
@@ -616,7 +618,7 @@ func (s *Server) initMetacert() {
 	tmpl := &x509.Certificate{
 		SerialNumber: big.NewInt(ProtocolVersion),
 		Subject: pkix.Name{
-			CommonName: fmt.Sprintf("derpkey%s", s.publicKey.UntypedHexString()),
+			CommonName: derpconst.MetaCertCommonNamePrefix + s.publicKey.UntypedHexString(),
 		},
 		// Windows requires NotAfter and NotBefore set:
 		NotAfter:  s.clock.Now().Add(30 * 24 * time.Hour),
@@ -636,6 +638,25 @@ func (s *Server) initMetacert() {
 // TLS server to let the client skip a round trip during start-up.
 func (s *Server) MetaCert() []byte { return s.metaCert }

+// ModifyTLSConfigToAddMetaCert modifies c.GetCertificate to make
+// it append s.MetaCert to the returned certificates.
+//
+// It panics if c or c.GetCertificate is nil.
+func (s *Server) ModifyTLSConfigToAddMetaCert(c *tls.Config) {
+	getCert := c.GetCertificate
+	if getCert == nil {
+		panic("c.GetCertificate is nil")
+	}
+	c.GetCertificate = func(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
+		cert, err := getCert(hi)
+		if err != nil {
+			return nil, err
+		}
+		cert.Certificate = append(cert.Certificate, s.MetaCert())
+		return cert, nil
+	}
+}
+
 // registerClient notes that client c is now authenticated and ready for packets.
 //
 // If c.key is connected more than once, the earlier connection(s) are
--- a/derp/derp_test.go
+++ b/derp/derp_test.go
@@ -27,6 +27,7 @@ import (
 	qt "github.com/frankban/quicktest"
 	"go4.org/mem"
 	"golang.org/x/time/rate"
+	"tailscale.com/derp/derpconst"
 	"tailscale.com/disco"
 	"tailscale.com/net/memnet"
 	"tailscale.com/tstest"
@@ -930,7 +931,7 @@ func TestMetaCert(t *testing.T) {
 	if fmt.Sprint(cert.SerialNumber) != fmt.Sprint(ProtocolVersion) {
 		t.Errorf("serial = %v; want %v", cert.SerialNumber, ProtocolVersion)
 	}
-	if g, w := cert.Subject.CommonName, fmt.Sprintf("derpkey%s", pub.UntypedHexString()); g != w {
+	if g, w := cert.Subject.CommonName, derpconst.MetaCertCommonNamePrefix+pub.UntypedHexString(); g != w {
 		t.Errorf("CommonName = %q; want %q", g, w)
 	}
 	if n := len(cert.Extensions); n != 1 {
--- a/derp/derpconst/derpconst.go
+++ b/derp/derpconst/derpconst.go
@@ -0,0 +1,11 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Package derpconst contains constants used by the DERP client and server.
+package derpconst
+
+// MetaCertCommonNamePrefix is the prefix that the DERP server
+// puts on for the common name of its "metacert". The suffix of
+// the common name after "derpkey" is the hex key.NodePublic
+// of the DERP server.
+const MetaCertCommonNamePrefix = "derpkey"
--- a/derp/derphttp/derphttp_client.go
+++ b/derp/derphttp/derphttp_client.go
@@ -30,6 +30,7 @@ import (

 	"go4.org/mem"
 	"tailscale.com/derp"
+	"tailscale.com/derp/derpconst"
 	"tailscale.com/envknob"
 	"tailscale.com/health"
 	"tailscale.com/net/dnscache"
@@ -1152,7 +1153,7 @@ var ErrClientClosed = errors.New("derphttp.Client closed")
 func parseMetaCert(certs []*x509.Certificate) (serverPub key.NodePublic, serverProtoVersion int) {
 	for _, cert := range certs {
 		// Look for derpkey prefix added by initMetacert() on the server side.
-		if pubHex, ok := strings.CutPrefix(cert.Subject.CommonName, "derpkey"); ok {
+		if pubHex, ok := strings.CutPrefix(cert.Subject.CommonName, derpconst.MetaCertCommonNamePrefix); ok {
 			var err error
 			serverPub, err = key.ParseNodePublicUntyped(mem.S(pubHex))
 			if err == nil && cert.SerialNumber.BitLen() <= 8 { // supports up to version 255