(ctx context.Context, hello *tls.ClientHelloInfo)
| 43 | } |
| 44 | |
| 45 | func (ts Tailscale) GetCertificate(ctx context.Context, hello *tls.ClientHelloInfo) (*tls.Certificate, error) { |
| 46 | canGetCert, err := ts.canHazCertificate(ctx, hello) |
| 47 | if err == nil && !canGetCert { |
| 48 | return nil, nil // pass-thru: Tailscale can't offer a cert for this name |
| 49 | } |
| 50 | if err != nil { |
| 51 | if c := ts.logger.Check(zapcore.WarnLevel, "could not get status; will try to get certificate anyway"); c != nil { |
| 52 | c.Write(zap.Error(err)) |
| 53 | } |
| 54 | } |
| 55 | return tscert.GetCertificateWithContext(ctx, hello) |
| 56 | } |
| 57 | |
| 58 | // canHazCertificate returns true if Tailscale reports it can get a certificate for the given ClientHello. |
| 59 | func (ts Tailscale) canHazCertificate(ctx context.Context, hello *tls.ClientHelloInfo) (bool, error) { |
no test coverage detected