mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-25 19:15:34 +00:00
2755f3843c
When we make a connection to a server, we previously would verify with the system roots, and then fall back to verifying with our baked-in Let's Encrypt root if the system root cert verification failed. We now explicitly check for, and log a health error on, self-signed certificates. Additionally, we now always verify against our baked-in Let's Encrypt root certificate and log an error if that isn't successful. We don't consider this a health failure, since if we ever change our server certificate issuer in the future older non-updated versions of Tailscale will no longer be healthy despite being able to connect. Updates #3198 Change-Id: I00be5ceb8afee544ee795e3c7a2815476abc4abf Signed-off-by: Andrew Dunham <andrew@du.nham.ca> |
||
|---|---|---|
| .. | ||
| addlicense | ||
| cloner | ||
| containerboot | ||
| derper | ||
| derpprobe | ||
| gitops-pusher | ||
| hello | ||
| k8s-operator | ||
| mkmanifest | ||
| mkpkg | ||
| nardump | ||
| netlogfmt | ||
| nginx-auth | ||
| pgproxy | ||
| printdep | ||
| proxy-to-grafana | ||
| speedtest | ||
| ssh-auth-none-demo | ||
| stunc | ||
| sync-containers | ||
| tailscale | ||
| tailscaled | ||
| testcontrol | ||
| testwrapper | ||
| tsconnect | ||
| tsshd | ||
| viewer | ||