archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

derp: set NotBefore and NotAfter in DERP server's metacert

Browse Source 
Fixes regression from e415991256 that
only affected Windows users because Go only on Windows delegates x509
cert validation to the OS and Windows as unhappy with our "metacert"
lacking NotBefore and NotAfter.

Fixes #705
crawshaw/e2etest
Brad Fitzpatrick 4 years ago
parent a903d6c2ed
commit 169ff22a84
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
derp/derp_server.go
Unescape Escape View File

@ -306,6 +306,9 @@ func (s *Server) initMetacert() {
Subject: pkix.Name{ Subject: pkix.Name{
CommonName: fmt.Sprintf("derpkey%x", s.publicKey[:]), CommonName: fmt.Sprintf("derpkey%x", s.publicKey[:]),
}, },
// Windows requires NotAfter and NotBefore set:
NotAfter: time.Now().Add(30 * 24 * time.Hour),
NotBefore: time.Now().Add(-30 * 24 * time.Hour),
} }
cert, err := x509.CreateCertificate(crand.Reader, tmpl, tmpl, pub, priv) cert, err := x509.CreateCertificate(crand.Reader, tmpl, tmpl, pub, priv)
if err != nil { if err != nil {

Write Preview
Loading…
Cancel
Save