tailscale/derp
Brad Fitzpatrick 349015098d net/tlsdial: bake in LetsEncrypt's ISRG Root X1 root
We still try the host's x509 roots first, but if that fails (like if
the host is old), we fall back to using LetsEncrypt's root and
retrying with that.

tlsdial was used in the three main places: logs, control, DERP. But it
was missing in dnsfallback. So added it there too, so we can run fine
now on a machine with no DNS config and no root CAs configured.

Also, move SSLKEYLOGFILE support out of DERP. tlsdial is the logical place
for that support.

Fixes #1609

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 7cf8ec8108)
2021-10-01 11:04:21 -07:00
..
derphttp net/tlsdial: bake in LetsEncrypt's ISRG Root X1 root 2021-10-01 11:04:21 -07:00
testdata derp: add debug traffic handler 2021-06-18 15:47:55 -07:00
derp.go wgengine/magicsock, derp, derp/derphttp: respond to DERP server->client pings 2021-03-09 13:56:13 -08:00
derp_client.go cmd/derper/derpprobe: add derp prober 2021-07-13 08:30:15 -07:00
derp_server.go derp: fix meshing accounting edge case bug 2021-08-21 19:54:55 -07:00
derp_test.go derp: fix meshing accounting edge case bug 2021-08-21 19:54:55 -07:00
dropreason_string.go scripts: remove special case for _strings.go files in check license headers 2021-07-19 15:31:56 -07:00