path: root/control/controlhttp/server.go
authorBrad Fitzpatrick <bradfitz@tailscale.com>2022-03-08 14:51:09 -0800
committerBrad Fitzpatrick <bradfitz@tailscale.com>2022-03-08 15:00:47 -0800
commit3928ea206e1002b957e32797c86c97ddd1137f69 (patch)
tree23ba528767ee6330446a44437a3693953397eac1 /control/controlhttp/server.go
parent61cdcf40829290a98222a76ec6682965a238bbdf (diff)
control/controlhttp: send expected control public key in upgrade requestbradfitz/key_rotation_prep
So we can do key rotation later and have small windows of overlapping valid server keys. Updates #3488 Change-Id: Ib5c7f2006a797a069e3f55d37f5d41f533e82f71 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Diffstat (limited to 'control/controlhttp/server.go')
-rw-r--r--control/controlhttp/server.go12
1 files changed, 12 insertions, 0 deletions
diff --git a/control/controlhttp/server.go b/control/controlhttp/server.go
index 92bd9ec9b..a446a0ebc 100644
--- a/control/controlhttp/server.go
+++ b/control/controlhttp/server.go
@@ -44,6 +44,18 @@ func AcceptHTTP(ctx context.Context, w http.ResponseWriter, r *http.Request, pri
return nil, fmt.Errorf("decoding base64 handshake header: %v", err)
}
+ if wantPub := r.Header.Get(serverPubHeaderName); wantPub != "" {
+ // If the client declared the public key they expect to speak to,
+ // check it.
+ // TODO: replace the 'private' parameter with a func/interface
+ // that looks up the private key as a function of the public key
+ // to see if we have a currently in-rotation key that's valid.
+ if private.Public().String() != wantPub {
+ http.Error(w, "requested server key unavailable", http.StatusServiceUnavailable)
+ return nil, errors.New("client requested unavailble server key")
+ }
+ }
+
hijacker, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "make request over HTTP/1", http.StatusBadRequest)