From 9be9738f625639ef5d9d72529a33186e632366e4 Mon Sep 17 00:00:00 2001
From: David Crawshaw
Date: Tue, 3 Mar 2020 16:48:57 -0500
Subject: [PATCH] derphttp: add TLSConfig field

Signed-off-by: David Crawshaw
---
 derp/derphttp/derphttp_client.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/derp/derphttp/derphttp_client.go b/derp/derphttp/derphttp_client.go
index 2059a12b7..2d1a821d7 100644
--- a/derp/derphttp/derphttp_client.go
+++ b/derp/derphttp/derphttp_client.go
@@ -37,6 +37,8 @@ import (
 // Send/Recv will completely re-establish the connection (unless Close
 // has been called).
 type Client struct {
+ TLSConfig *tls.Config // for sever connection, optional, nil means default
+
 privateKey key.Private
 logf logger.Logf
 url *url.URL
@@ -167,7 +169,12 @@ func (c *Client) connect(ctx context.Context, caller string) (client *derp.Clien
 var httpConn net.Conn // a TCP conn or a TLS conn; what we speak HTTP to
 if c.url.Scheme == "https" {
- httpConn = tls.Client(tcpConn, &tls.Config{ServerName: c.url.Host})
+ tlsConfig := &tls.Config{}
+ if c.TLSConfig != nil {
+ tlsConfig = c.TLSConfig.Clone()
+ }
+ tlsConfig.ServerName = c.url.Host
+ httpConn = tls.Client(tcpConn, tlsConfig)
 } else {
 httpConn = tcpConn
 }
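Review bot: The comment on the new exported `TLSConfig` field misspells "server" as "sever" and omits what a caller must know, namely that this config governs how the relay's certificate is verified. It is also cloned on each connect and its ServerName is replaced, as the connect hunk shows. I would write `// TLSConfig optionally configures TLS to the server; nil means the default. It is cloned on each (re)connect and its ServerName is set from the URL.` The context comment says Send/Recv re-establish the connection, so the field is read more than once; it is worth adding that it must be set before first use, since no locking around the read is visible here. The struct body continues outside the hunk.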
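Review bot: `tlsConfig.ServerName = c.url.Host` uses the URL's Host field, which in net/url includes the port when the URL carries one. For a constructed example such as `https://relay.example:8443/derp`, the name used for SNI and certificate verification would be `relay.example:8443`, so the handshake would fail. `tlsConfig.ServerName = c.url.Hostname()` avoids that; the removed line behaved the same way, so this is carried over rather than introduced. The assignment also silently overrides any ServerName the caller set in `c.TLSConfig`, which deserves a short comment such as `// always verify against the URL host, even if the caller set ServerName`. connect starts and ends outside the hunk, so whether c.url can carry a port is not visible here.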