authorBrad Fitzpatrick <bradfitz@tailscale.com>2022-03-08 14:51:09 -0800
committerBrad Fitzpatrick <bradfitz@tailscale.com>2022-03-08 15:00:47 -0800
commit3928ea206e1002b957e32797c86c97ddd1137f69 (patch)
tree23ba528767ee6330446a44437a3693953397eac1 /control/controlhttp/client.go
parent61cdcf40829290a98222a76ec6682965a238bbdf (diff)
control/controlhttp: send expected control public key in upgrade requestbradfitz/key_rotation_prep
So we can do key rotation later and have small windows of overlapping valid server keys. Updates #3488 Change-Id: Ib5c7f2006a797a069e3f55d37f5d41f533e82f71 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Diffstat (limited to 'control/controlhttp/client.go')
-rw-r--r--control/controlhttp/client.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/control/controlhttp/client.go b/control/controlhttp/client.go
index c9db75025..62bdce556 100644
--- a/control/controlhttp/client.go
+++ b/control/controlhttp/client.go
@@ -50,6 +50,10 @@ const (
// payload, to save an RTT.
handshakeHeaderName = "X-Tailscale-Handshake"
+ // serverPubHeaderName is the HTTP request header that
+ // says the expected public key of the control plane.
+ serverPubHeaderName = "X-Tailscale-Control-Public"
+
// serverUpgradePath is where the server-side HTTP handler to
// to do the protocol switch is located.
serverUpgradePath = "/ts2021"
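Review bot: The comment on `serverPubHeaderName` does not say what form the value takes or how far the receiving side may trust it. The value is filled from `a.controlKey.String()` in tryURL and travels as an ordinary request header, so it reads as a client-supplied hint for choosing among overlapping server keys rather than something that authenticates either end; the handshake presumably still has to verify the key. Suggested wording: `// serverPubHeaderName is the HTTP request header carrying the control public key the client expects, in its String() form.` followed by `// It is an unauthenticated hint for server key selection; it must not replace handshake verification.` The const block starts and ends outside the hunk.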
@@ -194,6 +198,7 @@ func (a *dialParams) tryURL(u *url.URL, init []byte) (net.Conn, error) {
"Upgrade": []string{upgradeHeaderValue},
"Connection": []string{"upgrade"},
handshakeHeaderName: []string{base64.StdEncoding.EncodeToString(init)},
+ serverPubHeaderName: []string{a.controlKey.String()},
},
}
req = req.WithContext(ctx)
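Review bot: `a.controlKey.String()` is added to the header map unconditionally, so an unset key would be advertised to the server as if it were a real expectation. Whether dialParams is validated before tryURL runs is not visible in this hunk. If it is not, either reject an unset key where the params are built or omit the header in that case, so the server can apply whatever default it has. A short comment on the added line would also help, e.g. `// hint for server key selection during rotation; not authenticated`. tryURL begins and ends outside the hunk.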