ipn/ipnlocal: hacky client changes for test TLS certs

Change-Id: I46d9ab5d01d214fbd971f7472a0a5f64f9f8acb0 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-07-31 00:03:47 +00:00 · 2025-01-23 22:48:11 +00:00 · 2025-01-23 22:48:11 +00:00 · 90ccc1e107
commit 90ccc1e107
parent f1710f4a42
1 changed files with 13 additions and 3 deletions
--- a/ipn/ipnlocal/cert.go
+++ b/ipn/ipnlocal/cert.go
@ -24,6 +24,7 @@ import (
 	"log"
 	randv2 "math/rand/v2"
 	"net"
+	"net/http"
 	"os"
 	"path/filepath"
 	"runtime"
@ -550,12 +551,13 @@ func (b *LocalBackend) getCertPEM(ctx context.Context, cs certStore, logf logger
 		return nil, err
 	}

-	csr, err := certRequest(certPrivKey, domain, nil)
+	csr, err := certRequest(certPrivKey, domain, nil, domain)
 	if err != nil {
 		return nil, err
 	}

 	logf("requesting cert...")
+	traceACME(csr)
 	der, _, err := ac.CreateOrderCert(ctx, order.FinalizeURL, csr, true)
 	if err != nil {
 		return nil, fmt.Errorf("CreateOrder: %v", err)
@ -658,8 +660,16 @@ func acmeClient(cs certStore) (*acme.Client, error) {
 	// LetsEncrypt), we should make sure that they support ARI extension (see
 	// shouldStartDomainRenewalARI).
 	return &acme.Client{
-		Key:       key,
-		UserAgent: "tailscaled/" + version.Long(),
+		Key:          key,
+		UserAgent:    "tailscaled/" + version.Long(),
+		DirectoryURL: "https://localhost:14000/dir",
+		HTTPClient: &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: true,
+				},
+			},
+		},
 	}, nil
 }