diff options
| author | Brad Fitzpatrick <bradfitz@tailscale.com> | 2025-01-21 15:30:55 -0800 |
|---|---|---|
| committer | Brad Fitzpatrick <brad@danga.com> | 2025-01-21 17:47:55 -0800 |
| commit | 150cd30b1d28613b50cebde9f18595ef78a2a803 (patch) | |
| tree | f1e99718ef4f4e31e3e6628160c45ebb8b9c4227 /control/controlknobs | |
| parent | e12b2a7267afbd8189c7834b840d2fcdb8786d64 (diff) | |
| download | tailscale-150cd30b1d28613b50cebde9f18595ef78a2a803.tar.xz tailscale-150cd30b1d28613b50cebde9f18595ef78a2a803.zip | |
ipn/ipnlocal: also use LetsEncrypt-baked-in roots for cert validation
We previously baked in the LetsEncrypt x509 root CA for our tlsdial
package.
This moves that out into a new "bakedroots" package and is now also
shared by ipn/ipnlocal's cert validation code (validCertPEM) that
decides whether it's time to fetch a new cert.
Otherwise, a machine without LetsEncrypt roots locally in its system
roots is unable to use tailscale cert/serve and fetch certs.
Fixes #14690
Change-Id: Ic88b3bdaabe25d56b9ff07ada56a27e3f11d7159
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Diffstat (limited to 'control/controlknobs')
0 files changed, 0 insertions, 0 deletions
