logpolicy: also set up TLS dialing (for iOS) for log uploads
This was the last of the three places that do TLS from clients (logs, control, derp). With this, iOS should be able to use the memory-efficient x509 root CertPool.
parent
c726c1eec9
commit
9497921f52
@ -29,6 +29,7 @@
|
|||||||
"tailscale.com/atomicfile"
|
"tailscale.com/atomicfile"
|
||||||
"tailscale.com/logtail"
|
"tailscale.com/logtail"
|
||||||
"tailscale.com/logtail/filch"
|
"tailscale.com/logtail/filch"
|
||||||
|
"tailscale.com/net/tlsdial"
|
||||||
"tailscale.com/version"
|
"tailscale.com/version"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -188,7 +189,7 @@ func New(collection string) *Policy {
|
|||||||
}
|
}
|
||||||
return w
|
return w
|
||||||
},
|
},
|
||||||
HTTPC: &http.Client{Transport: newLogtailTransport()},
|
HTTPC: &http.Client{Transport: newLogtailTransport(logtail.DefaultHost)},
|
||||||
}
|
}
|
||||||
|
|
||||||
filchBuf, filchErr := filch.New(filepath.Join(dir, version.CmdName()), filch.Options{})
|
filchBuf, filchErr := filch.New(filepath.Join(dir, version.CmdName()), filch.Options{})
|
||||||
@ -231,8 +232,9 @@ func (p *Policy) Shutdown(ctx context.Context) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// newLogtailTransport returns the HTTP Transport we use for uploading logs.
|
// newLogtailTransport returns the HTTP Transport we use for uploading
|
||||||
func newLogtailTransport() *http.Transport {
|
// logs to the given host name.
|
||||||
|
func newLogtailTransport(host string) *http.Transport {
|
||||||
// Start with a copy of http.DefaultTransport and tweak it a bit.
|
// Start with a copy of http.DefaultTransport and tweak it a bit.
|
||||||
tr := http.DefaultTransport.(*http.Transport).Clone()
|
tr := http.DefaultTransport.(*http.Transport).Clone()
|
||||||
|
|
||||||
@ -273,5 +275,8 @@ func newLogtailTransport() *http.Transport {
|
|||||||
tr.ForceAttemptHTTP2 = false
|
tr.ForceAttemptHTTP2 = false
|
||||||
tr.TLSNextProto = map[string]func(authority string, c *tls.Conn) http.RoundTripper{}
|
tr.TLSNextProto = map[string]func(authority string, c *tls.Conn) http.RoundTripper{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tr.TLSClientConfig = tlsdial.Config(host, tr.TLSClientConfig)
|
||||||
|
|
||||||
return tr
|
return tr
|
||||||
}
|
}
|
||||||
|
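Review bot: The transport's TLS config is now bound to a single host name when it is built (`tr.TLSClientConfig = tlsdial.Config(host, tr.TLSClientConfig)` in the last hunk), but the only caller, in `New`, passes the constant `logtail.DefaultHost` rather than the host the log client is configured to upload to. If `tlsdial.Config` fixes the expected server name to `host` (its body is not part of this page), an upload URL other than the default would be verified against the wrong name and the handshake would fail. The same would apply to an HTTPS proxy, if the cloned `http.DefaultTransport` still uses one. I would extend the doc comment to state the constraint, for example `// The returned Transport must only be used for connections to host; its TLS config verifies the peer as host.`, and derive the argument in `New` from the same value that sets the upload URL so the two cannot drift apart. The body of `newLogtailTransport` between the third and fourth hunks is not shown, so whether anything there touches `TLSClientConfig` or `Proxy` should be checked against the full file.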