control/controlhttp: don't require valid TLS cert for Noise connection

We don't require any cert at all for Noise-over-plaintext-port-80-HTTP,
so why require a valid cert chain for Noise-over-HTTPS? The reason we use
HTTPS at all is to get through firewalls that allow tcp/443 but not tcp/80,
not because we need the security properties of TLS.

Updates #3198

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick
2023-02-08 18:24:30 +00:00
committed by Brad Fitzpatrick
parent 2477fc4952
commit fb84ccd82d
3 changed files with 43 additions and 29 deletions

@@ -78,9 +78,9 @@ type Dialer struct {
proxyFunc func(*http.Request) (*url.URL, error) // or nil
// For tests only
drainFinished chan struct{}
insecureTLS bool
testFallbackDelay time.Duration
drainFinished chan struct{}
omitCertErrorLogging bool
testFallbackDelay time.Duration
}
func strDef(v1, v2 string) string {
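Review bot: the new `omitCertErrorLogging bool` field under the `// For tests only` comment has no doc comment, and once `insecureTLS` is gone nothing in these lines records that certificate validation is intentionally not enforced for the Noise-over-HTTPS dial. Suggest a one-line comment on the field stating which log output it suppresses, plus a note on `Dialer` that server authentication rests on the Noise handshake rather than on the TLS chain, so a later reader neither treats the unverified cert as a bug nor reuses this dialer for traffic that does need TLS authentication. The visible lines do not show where the control server's Noise key is checked; it is worth confirming in review that this check is unconditional on the HTTPS path, since after this change it is the only thing authenticating the server.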