You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/net
Andrew Dunham 2755f3843c health, net/tlsdial: add healthcheck for self-signed cert
When we make a connection to a server, we previously would verify with
the system roots, and then fall back to verifying with our baked-in
Let's Encrypt root if the system root cert verification failed.

We now explicitly check for, and log a health error on, self-signed
certificates. Additionally, we now always verify against our baked-in
Let's Encrypt root certificate and log an error if that isn't
successful. We don't consider this a health failure, since if we ever
change our server certificate issuer in the future older non-updated
versions of Tailscale will no longer be healthy despite being able to
connect.

Updates #3198

Change-Id: I00be5ceb8afee544ee795e3c7a2815476abc4abf
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
2 years ago
..
connstats all: update copyright and license headers 2 years ago
dns all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork 2 years ago
dnscache all: update copyright and license headers 2 years ago
dnsfallback all: update copyright and license headers 2 years ago
flowtrack all: update copyright and license headers 2 years ago
interfaces all: update copyright and license headers 2 years ago
memnet net/memnet: rename from net/nettest 2 years ago
netaddr all: update copyright and license headers 2 years ago
netcheck all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork 2 years ago
neterror all: update copyright and license headers 2 years ago
netknob all: update copyright and license headers 2 years ago
netns all: update copyright and license headers 2 years ago
netstat all: update copyright and license headers 2 years ago
netutil all: update copyright and license headers 2 years ago
packet all: update copyright and license headers 2 years ago
ping all: update copyright and license headers 2 years ago
portmapper all: update tools that manage copyright headers 2 years ago
proxymux all: update copyright and license headers 2 years ago
routetable all: update copyright and license headers 2 years ago
socks5 all: update copyright and license headers 2 years ago
speedtest all: update copyright and license headers 2 years ago
stun all: use Go 1.20's bytes.Clone 2 years ago
tlsdial health, net/tlsdial: add healthcheck for self-signed cert 2 years ago
tsaddr all: update copyright and license headers 2 years ago
tsdial all: update copyright and license headers 2 years ago
tshttpproxy all: update copyright and license headers 2 years ago
tstun all: update copyright and license headers 2 years ago
wsconn all: update copyright and license headers 2 years ago