CodeCow/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-06-03 21:01:54 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
33cd8ea86b
tailscale/ipn
History
Brad Fitzpatrick a182b864ac tsd, all: add Sys.ExtraRootCAs, plumb through TLS dial paths 
Add ExtraRootCAs *x509.CertPool to tsd.System and plumb it through
the control client, noise transport, DERP, and wgengine layers so
that platforms like Android can inject user-installed CA certificates
into Go's TLS verification.

tlsdial.Config now honors base.RootCAs as additional trusted roots,
tried after system roots and before the baked-in LetsEncrypt fallback.
SetConfigExpectedCert gets the same treatment for domain-fronted DERP.

The Android client will set sys.ExtraRootCAs with a pool built from
x509.SystemCertPool + user-installed certs obtained via the Android
KeyStore API, replacing the current SSL_CERT_DIR environment variable
approach.

Updates #8085

Change-Id: Iecce0fd140cd5aa0331b124e55a7045e24d8e0c2
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2026-04-07 18:10:54 -07:00
..
auditlog all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
conffile all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
desktop ipn/desktop: use runtime.Pinner to force heap-allocation of msg 2026-04-07 12:55:11 -05:00
ipnauth all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
ipnext feature/conn25,ipn/ipnext,ipn/ipnlocal: add ExtraRouterConfigRoutes hook 2026-03-25 19:28:33 -07:00
ipnlocal tsd, all: add Sys.ExtraRootCAs, plumb through TLS dial paths 2026-04-07 18:10:54 -07:00
ipnserver ipn/ipnserver: use peercreds for actor.Username on freebsd (for Taildrive) 2026-03-24 20:35:56 -07:00
ipnstate types/ptr: deprecate ptr.To, use Go 1.26 new 2026-03-05 20:13:18 -08:00
lapitest types/ptr: deprecate ptr.To, use Go 1.26 new 2026-03-05 20:13:18 -08:00
localapi ipn/localapi, cli, clientmetric: add ipnbus feature tag; fix omit.go stub 2026-04-07 10:22:37 -07:00
policy all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
store all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
backend_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
backend.go ipn,ipn/local: broadcast ClientVersion if AutoUpdate.Check (#19107) 2026-03-24 15:06:20 -07:00
conf_test.go ipn: reject advertised routes with non-address bits set (#18649) 2026-03-20 10:10:43 -07:00
conf.go ipn: fix the typo causing NoSNAT always set to true (#19110) 2026-03-24 16:41:58 -04:00
doc.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
ipn_clone.go tailcfg: reintroduce UserProfile.Groups 2026-03-09 11:08:45 +00:00
ipn_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
ipn_view.go tailcfg: reintroduce UserProfile.Groups 2026-03-09 11:08:45 +00:00
prefs_test.go cmd/vet: add subtestnames analyzer; fix all existing violations 2026-04-05 15:52:51 -07:00
prefs.go ipn, cmd/tailscale/cli: allow setting FQDN sans dot as an exit node 2026-04-01 20:42:35 +01:00
serve_expand_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
serve_test.go cmd/vet: add subtestnames analyzer; fix all existing violations 2026-04-05 15:52:51 -07:00
serve.go all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
store_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
store.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00