tlsdial

package
v1.78.3
Published: Dec 11, 2024 License: BSD-3-Clause Imports: 17 Imported by: 18

Documentation

Overview

Package tlsdial generates tls.Config values and does x509 validation of certs. It bakes in the LetsEncrypt roots so even if the user's machine doesn't have TLS roots, we can at least connect to Tailscale's LetsEncrypt services. It's the unified point where we can add shared policy on outgoing TLS connections from the three places in the client that connect to Tailscale (logs, control, DERP).

Constants

This section is empty.

Variables

This section is empty.

Functions

func Config

func Config(host string, ht *health.Tracker, base *tls.Config) *tls.Config

Config returns a tls.Config for connecting to a server. If base is non-nil, it's cloned as the base config before being configured and returned. If ht is non-nil, it's used to report health errors.

func NewTransport added in v1.50.0

func NewTransport() *http.Transport

NewTransport returns a new HTTP transport that verifies TLS certs using this package, including its baked-in LetsEncrypt fallback roots.

func SetConfigExpectedCert

func SetConfigExpectedCert(c *tls.Config, certDNSName string)

SetConfigExpectedCert modifies c to expect and verify that the server returns a certificate for the provided certDNSName.

This is for user-configurable client-side domain fronting support, where we send one SNI value but validate a different cert.

Types

This section is empty.

Directories

Path Synopsis
Package blockblame blames specific firewall manufacturers for blocking Tailscale, by analyzing the SSL certificate presented when attempting to connect to a remote server.
