webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests 4 Packages Projects Releases Wiki Activity
Files
583f740c0b583081b0c1a39f92e349c49c0c4a41
tailscale/tstest/tlstest/testdata/proxy.tstest.key
T
Brad Fitzpatrick e92eb6b17b net/tlsdial: fix TLS cert validation of HTTPS proxies 
If you had HTTPS_PROXY=https://some-valid-cert.example.com running a
CONNECT proxy, we should've been able to do a TLS CONNECT request to
e.g. controlplane.tailscale.com:443 through that, and I'm pretty sure
it used to work, but refactorings and lack of integration tests made
it regress.

It probably regressed when we added the baked-in LetsEncrypt root cert
validation fallback code, which was testing against the wrong hostname
(the ultimate one, not the one which we were being asked to validate)

Fixes #16222

Change-Id: If014e395f830e2f87f056f588edacad5c15e91bc
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-06-18 14:20:39 -07:00

6 lines
227 B
Plaintext
Raw Blame History

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEING1XBDWFXQjqBmLjhp20hXOf2rk/I0N6W7muv9RVvk3oAoGCCqGSM49
AwEHoUQDQgAE8lxnEEeLqYikwmXbXSsIQSw20R0oLA831s960KQZEgt0P9SbWcJc
QTk98rdfYT/QDdHn157Oh4FPcDtxmdQ4vw==
-----END EC PRIVATE KEY-----
Reference in New Issue View Git Blame Copy Permalink