Fallback across VPN fabric endpoint candidates
This commit is contained in:
@@ -316,6 +316,9 @@ legacy peer endpoints when the control plane has not published candidates yet.
|
||||
The temporary self-signed QUIC listener advertises its SHA-256 certificate
|
||||
fingerprint in endpoint metadata, and the QUIC client can pin that fingerprint
|
||||
instead of disabling verification while the cluster CA path is being finished.
|
||||
VPN fabric-session dialing now walks all ranked endpoint candidates before
|
||||
falling back to the legacy peer endpoint, so a failed QUIC candidate does not
|
||||
block WebSocket/HTTPS compatibility transport.
|
||||
|
||||
Deliverables:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user