derphttp: add TLSConfig field

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
pull/141/head
David Crawshaw 5 years ago committed by David Crawshaw
parent caec2c7e8b
commit 9be9738f62

@ -37,6 +37,8 @@ import (
// Send/Recv will completely re-establish the connection (unless Close // Send/Recv will completely re-establish the connection (unless Close
// has been called). // has been called).
type Client struct { type Client struct {
TLSConfig *tls.Config // for sever connection, optional, nil means default
privateKey key.Private privateKey key.Private
logf logger.Logf logf logger.Logf
url *url.URL url *url.URL
@ -167,7 +169,12 @@ func (c *Client) connect(ctx context.Context, caller string) (client *derp.Clien
var httpConn net.Conn // a TCP conn or a TLS conn; what we speak HTTP to var httpConn net.Conn // a TCP conn or a TLS conn; what we speak HTTP to
if c.url.Scheme == "https" { if c.url.Scheme == "https" {
httpConn = tls.Client(tcpConn, &tls.Config{ServerName: c.url.Host}) tlsConfig := &tls.Config{}
if c.TLSConfig != nil {
tlsConfig = c.TLSConfig.Clone()
}
tlsConfig.ServerName = c.url.Host
httpConn = tls.Client(tcpConn, tlsConfig)
} else { } else {
httpConn = tcpConn httpConn = tcpConn
} }
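Review bot: `tlsConfig.ServerName = c.url.Host` in the connect hunk keeps the old use of `url.URL.Host`, which is `host:port` when the URL names a port; ServerName feeds both SNI and certificate hostname verification, so such a URL would most likely fail the handshake, and `tlsConfig.ServerName = c.url.Hostname()` avoids that. Whether the server URL ever carries an explicit port is not visible in this hunk. The comment on the new `TLSConfig` field should state what connect actually does with it, for example `// TLSConfig optionally configures TLS to the server; it is cloned per connection and its ServerName is always overwritten.`, which also fixes the "sever" typo. Every other setting in a caller-supplied config, including verification-related ones such as `InsecureSkipVerify` and `RootCAs`, is used as given after `Clone()`, so the comment is the only place a caller learns that. connect's body starts and ends outside the hunk.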
