tailscale

TheArchive/tailscale

Fork 0

mirror of https://github.com/tailscale/tailscale.git synced 2024-11-26 11:35:35 +00:00

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	7cf8ec8108	net/tlsdial: bake in LetsEncrypt's ISRG Root X1 root We still try the host's x509 roots first, but if that fails (like if the host is old), we fall back to using LetsEncrypt's root and retrying with that. tlsdial was used in the three main places: logs, control, DERP. But it was missing in dnsfallback. So added it there too, so we can run fine now on a machine with no DNS config and no root CAs configured. Also, move SSLKEYLOGFILE support out of DERP. tlsdial is the logical place for that support. Fixes #1609 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2021-10-01 08:30:07 -07:00

Author

SHA1

Message

Date

Brad Fitzpatrick

7cf8ec8108

net/tlsdial: bake in LetsEncrypt's ISRG Root X1 root

We still try the host's x509 roots first, but if that fails (like if
the host is old), we fall back to using LetsEncrypt's root and
retrying with that.

tlsdial was used in the three main places: logs, control, DERP. But it
was missing in dnsfallback. So added it there too, so we can run fine
now on a machine with no DNS config and no root CAs configured.

Also, move SSLKEYLOGFILE support out of DERP. tlsdial is the logical place
for that support.

Fixes #1609

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

2021-10-01 08:30:07 -07:00

1 Commits