tailscale/net/bakedroots/bakedroots_test.go at 150cd30b1d28613b50cebde9f18595ef78a2a803 - tailscale - Codinget Gitea

webnet/tailscale

Files

T

Brad Fitzpatrick 150cd30b1d ipn/ipnlocal: also use LetsEncrypt-baked-in roots for cert validation

We previously baked in the LetsEncrypt x509 root CA for our tlsdial
package.

This moves that out into a new "bakedroots" package and is now also
shared by ipn/ipnlocal's cert validation code (validCertPEM) that
decides whether it's time to fetch a new cert.

Otherwise, a machine without LetsEncrypt roots locally in its system
roots is unable to use tailscale cert/serve and fetch certs.

Fixes #14690

Change-Id: Ic88b3bdaabe25d56b9ff07ada56a27e3f11d7159
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

2025-01-21 17:47:55 -08:00

16 lines

285 B

Go

Raw Blame History

 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 package bakedroots
 import "testing"
 func TestBakedInRoots(t *testing.T) {
 	ResetForTest(t, nil)
 	p := Get()
 	got := p.Subjects()
 	if len(got) != 1 {
 		t.Errorf("subjects = %v; want 1", len(got))
 	}
 }