net/tlsdial: add package for TLS dials, and make DERP & controlclient use it

This will do the iOS-optimized cert checking in a following change.
2025-08-21 10:27:30 +00:00 · 2020-04-25 13:24:53 -07:00
parent d427fc023e
commit b6fa5a69be
3 changed files with 36 additions and 13 deletions
--- a/net/tlsdial/tlsdial.go
+++ b/net/tlsdial/tlsdial.go
@@ -0,0 +1,24 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package tlsdial sets up a tls.Config for x509 validation, using
+// a memory-optimized path for iOS.
+package tlsdial
+
+import "crypto/tls"
+
+// Config returns a tls.Config for dialing the given host.
+// If base is non-nil, it's cloned as the base config before
+// being configured and returned.
+func Config(host string, base *tls.Config) *tls.Config {
+	var conf *tls.Config
+	if base == nil {
+		conf = new(tls.Config)
+	} else {
+		conf = base.Clone()
+	}
+	conf.ServerName = host
+
+	return conf
+}