Documentation
Overview
Package tlsdial generates tls.Config values and does x509 validation of certs. It bakes in the LetsEncrypt roots so even if the user's machine doesn't have TLS roots, we can at least connect to Tailscale's LetsEncrypt services. It's the unified point where we can add shared policy on outgoing TLS connections from the three places in the client that connect to Tailscale (logs, control, DERP).
Functions
func Config
Config returns a tls.Config for connecting to a server. If base is non-nil, it's cloned as the base config before being configured and returned. If ht is non-nil, it's used to report health errors.
func NewTransport (added in v1.50.0)
NewTransport returns a new HTTP transport that verifies TLS certs using this package, including its baked-in LetsEncrypt fallback roots.
func SetConfigExpectedCert
SetConfigExpectedCert modifies c to expect and verify that the server returns a certificate for the provided certDNSName.
This is for user-configurable client-side domain fronting support, where we send one SNI value but validate a different cert.
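The SNI/validation split described above, as an added example that is not tlsdial's own code: it sets one name as SNI and validates the certificate chain for a different name using only standard `crypto/tls` and `crypto/x509` calls. `expectCert`, `must` and `check` are hypothetical names, the hostnames and self-signed certificate are constructed, and the verifier is invoked directly with a constructed `tls.ConnectionState` rather than over a live connection.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// expectCert (hypothetical helper) sends c.ServerName as SNI but validates for certDNSName.
func expectCert(c *tls.Config, certDNSName string, roots *x509.CertPool) {
	c.InsecureSkipVerify = true // disables only the built-in check, replaced below
	c.VerifyConnection = func(cs tls.ConnectionState) error {
		if len(cs.PeerCertificates) == 0 {
			return fmt.Errorf("no peer certificate")
		}
		opts := x509.VerifyOptions{DNSName: certDNSName, Roots: roots, Intermediates: x509.NewCertPool()}
		for _, ic := range cs.PeerCertificates[1:] {
			opts.Intermediates.AddCert(ic)
		}
		_, err := cs.PeerCertificates[0].Verify(opts)
		return err
	}
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// check runs the verifier on a constructed self-signed cert valid for certName.
func check(certName, sni, expect string) error {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{certName}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	cfg := &tls.Config{ServerName: sni}
	expectCert(cfg, expect, roots)
	return cfg.VerifyConnection(tls.ConnectionState{ServerName: sni, PeerCertificates: []*x509.Certificate{leaf}})
}

func main() {
	fmt.Println(check("cert.example", "front.example", "cert.example"), check("cert.example", "front.example", "front.example"))
}
```

Because `InsecureSkipVerify` switches off the standard check, the `VerifyConnection` callback is the only thing validating the chain in this pattern, so the two settings must always be applied together.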
Directories
Path | Synopsis |
---|---|
 | Package blockblame blames specific firewall manufacturers for blocking Tailscale, by analyzing the SSL certificate presented when attempting to connect to a remote server. |