diff options
Diffstat (limited to 'net/tlsdial/tlsdial.go')
| -rw-r--r-- | net/tlsdial/tlsdial.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/tlsdial/tlsdial.go b/net/tlsdial/tlsdial.go index 4d22383ef..832a3e67a 100644 --- a/net/tlsdial/tlsdial.go +++ b/net/tlsdial/tlsdial.go @@ -29,6 +29,7 @@ import ( "tailscale.com/health" "tailscale.com/hostinfo" "tailscale.com/net/bakedroots" + "tailscale.com/net/currenttime" "tailscale.com/net/tlsdial/blockblame" ) @@ -144,6 +145,7 @@ func Config(host string, ht *health.Tracker, base *tls.Config) *tls.Config { opts := x509.VerifyOptions{ DNSName: cs.ServerName, Intermediates: x509.NewCertPool(), + CurrentTime: currenttime.Now(), // helps if the system clock is wrong } for _, cert := range cs.PeerCertificates[1:] { opts.Intermediates.AddCert(cert) |