summaryrefslogtreecommitdiffhomepage
path: root/control/controlknobs
diff options
context:
space:
mode:
authorBrad Fitzpatrick <bradfitz@tailscale.com>2025-01-21 15:30:55 -0800
committerBrad Fitzpatrick <brad@danga.com>2025-01-21 17:47:55 -0800
commit150cd30b1d28613b50cebde9f18595ef78a2a803 (patch)
treef1e99718ef4f4e31e3e6628160c45ebb8b9c4227 /control/controlknobs
parente12b2a7267afbd8189c7834b840d2fcdb8786d64 (diff)
downloadtailscale-150cd30b1d28613b50cebde9f18595ef78a2a803.tar.xz
tailscale-150cd30b1d28613b50cebde9f18595ef78a2a803.zip
ipn/ipnlocal: also use LetsEncrypt-baked-in roots for cert validation
We previously baked in the LetsEncrypt x509 root CA for our tlsdial package. This moves that out into a new "bakedroots" package and is now also shared by ipn/ipnlocal's cert validation code (validCertPEM) that decides whether it's time to fetch a new cert. Otherwise, a machine without LetsEncrypt roots locally in its system roots is unable to use tailscale cert/serve and fetch certs. Fixes #14690 Change-Id: Ic88b3bdaabe25d56b9ff07ada56a27e3f11d7159 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Diffstat (limited to 'control/controlknobs')
0 files changed, 0 insertions, 0 deletions