huanld/tailscale-custom
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases 2 Wiki Activity
Files
e92eb6b17bb59cd66cd78c90db3b285015ed5e11
tailscale-custom/tstest/tlstest/testdata/root-ca.key
T
Brad Fitzpatrick e92eb6b17b net/tlsdial: fix TLS cert validation of HTTPS proxies 
If you had HTTPS_PROXY=https://some-valid-cert.example.com running a
CONNECT proxy, we should've been able to do a TLS CONNECT request to
e.g. controlplane.tailscale.com:443 through that, and I'm pretty sure
it used to work, but refactorings and lack of integration tests made
it regress.

It probably regressed when we added the baked-in LetsEncrypt root cert
validation fallback code, which was testing against the wrong hostname
(the ultimate one, not the one which we were being asked to validate)

Fixes #16222

Change-Id: If014e395f830e2f87f056f588edacad5c15e91bc
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-06-18 14:20:39 -07:00

6 lines
227 B
Plaintext
Raw Blame History

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIMl3xjqt1dnXBpYJSEqevirAcnSJ79I2tucdRazlrDG9oAoGCCqGSM49
AwEHoUQDQgAEQ/+Jme+16hgO7TtPSIFHVV0Yt969ltVlARVcNUZmWc0upQaq7uiJ
Aur5KtzwxU3YI4bhNK0593OK2TLvEEWIdw==
-----END EC PRIVATE KEY-----
Reference in New Issue View Git Blame Copy Permalink