ipn,cmd/tailscale/cli: set correct SNI name for TLS-terminated TCP Services (#17752)

Fixes #17749.

Signed-off-by: Naman Sood <mail@nsood.in>
Naman Sood
2026-01-07 09:31:46 -05:00
committed by GitHub
parent 4c3cf8bb11
commit 480ee9fec0
3 changed files with 46 additions and 20 deletions
+14 -3
@@ -923,7 +923,7 @@ func (e *serveEnv) setServe(sc *ipn.ServeConfig, dnsName string, srvType serveTy
if e.setPath != "" {
return fmt.Errorf("cannot mount a path for TCP serve")
}
err := e.applyTCPServe(sc, dnsName, srvType, srvPort, target, proxyProtocol)
err := e.applyTCPServe(sc, dnsName, srvType, srvPort, target, mds, proxyProtocol)
if err != nil {
return fmt.Errorf("failed to apply TCP serve: %w", err)
}
@@ -1203,7 +1203,7 @@ func (e *serveEnv) applyWebServe(sc *ipn.ServeConfig, dnsName string, srvPort ui
return nil
}
func (e *serveEnv) applyTCPServe(sc *ipn.ServeConfig, dnsName string, srcType serveType, srcPort uint16, target string, proxyProtocol int) error {
func (e *serveEnv) applyTCPServe(sc *ipn.ServeConfig, dnsName string, srcType serveType, srcPort uint16, target string, mds string, proxyProtocol int) error {
var terminateTLS bool
switch srcType {
case serveTypeTCP:
@@ -1226,11 +1226,22 @@ func (e *serveEnv) applyTCPServe(sc *ipn.ServeConfig, dnsName string, srcType se
return fmt.Errorf("invalid TCP target %q: %v", target, err)
}
// TODO: needs to account for multiple configs from foreground mode
if sc.IsServingWeb(srcPort, svcName) {
return fmt.Errorf("cannot serve TCP; already serving web on %d for %s", srcPort, dnsName)
}
// TODO: needs to account for multiple configs from foreground mode
if svcName := tailcfg.AsServiceName(dnsName); svcName != "" {
sc.SetTCPForwardingForService(srcPort, dstURL.Host, terminateTLS, svcName, proxyProtocol, mds)
return nil
}
// TODO: needs to account for multiple configs from foreground mode
if svcName != "" {
sc.SetTCPForwardingForService(srcPort, dstURL.Host, terminateTLS, svcName, proxyProtocol, mds)
return nil
}
sc.SetTCPForwarding(srcPort, dstURL.Host, terminateTLS, proxyProtocol, dnsName)
return nil
}
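Review bot: The new `mds string` parameter on applyTCPServe (the signature change at the second hunk) is undocumented and sits between two other bare strings, `target` and `proxyProtocol`'s neighbour `dnsName`, so a transposed argument at a call site would compile and silently set the wrong name for TLS termination. In the last hunk it is only forwarded to SetTCPForwardingForService on the Service path, while the plain path still passes dnsName to SetTCPForwarding, so the two names apparently differ in what they carry. A doc comment on the function should spell that out, e.g. `// mds is the name passed to SetTCPForwardingForService for a TLS-terminated Service; the non-service path keeps using dnsName.` — with the exact meaning of mds filled in from the caller, which is outside this hunk. applyTCPServe's body starts outside the last hunk, so whether the `svcName` read at `sc.IsServingWeb(srcPort, svcName)` comes from an outer declaration or from the if-scoped one at `if svcName := tailcfg.AsServiceName(dnsName)` cannot be confirmed here; worth a glance that it is the same value in both places.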
+5 -3
@@ -2077,9 +2077,11 @@ func TestSetServe(t *testing.T) {
if err == nil && tt.expectErr {
t.Fatalf("got no error; expected error.")
}
if !tt.expectErr && !reflect.DeepEqual(tt.cfg, tt.expected) {
svcName := tailcfg.ServiceName(tt.dnsName)
t.Fatalf("got: %v; expected: %v", tt.cfg.Services[svcName], tt.expected.Services[svcName])
if !tt.expectErr {
if diff := cmp.Diff(tt.expected, tt.cfg); diff != "" {
// svcName := tailcfg.ServiceName(tt.dnsName)
t.Fatalf("got diff:\n%s", diff)
}
}
})
}
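Review bot: The commented-out line `// svcName := tailcfg.ServiceName(tt.dnsName)` left inside the new cmp.Diff branch is dead code and should be deleted rather than kept as a comment. Since the call is `cmp.Diff(tt.expected, tt.cfg)`, the diff signs follow cmp's usual want/got convention, so the failure message would be clearer as `t.Fatalf("got diff (-want +got):\n%s", diff)`. TestSetServe's body starts outside the hunk, and the `cmp` import is not visible here, so I am assuming it is the go-cmp package.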