mirrors/tailscale
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity
8f0080c7a4
tailscale/ipn
History
Tom Proctor a6e19f2881
ipn/ipnlocal: allow cache hits for testing ACME certs (#15023) 
PR #14771 added support for getting certs from alternate ACME servers, but the
certStore caching mechanism breaks unless you install the CA in system roots,
because we check the validity of the cert before allowing a cache hit, which
includes checking for a valid chain back to a trusted CA. For ease of testing,
allow cert cache hits when the chain is unknown to avoid re-issuing the cert
on every TLS request served. We will still get a cache miss when the cert has
expired, as enforced by a test, and this makes it much easier to test against
non-prod ACME servers compared to having to manage the installation of non-prod
CAs on clients.

Updates #14771

Change-Id: I74fe6593fe399bd135cc822195155e99985ec08a
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-03-11 14:09:46 +00:00
..
conffile ipn/conffile: don't depend on hujson on iOS/Android 2024-10-10 09:14:36 -07:00
desktop various: keep tailscale connected when Always On mode is enabled on Windows 2025-02-14 16:40:54 -06:00
ipnauth ipn/ipnauth: implement WindowsActor 2025-02-11 15:31:42 -06:00
ipnlocal ipn/ipnlocal: allow cache hits for testing ACME certs (#15023) 2025-03-11 14:09:46 +00:00
ipnserver various: keep tailscale connected when Always On mode is enabled on Windows 2025-02-14 16:40:54 -06:00
ipnstate ipn: update AddPeer to include TaildropTarget (#15091) 2025-02-28 14:17:28 -08:00
localapi ipn/{ipnserver,localapi},tsnet: use ipnauth.Self as the actor in tsnet localapi handlers 2025-02-04 16:37:30 -06:00
policy ipn,tailconfig: clean up unreleased and removed app connector service 2023-11-09 22:36:52 -08:00
store ipn/store/kubestore: sanitize keys loaded to in-memory store (#15178) 2025-03-03 16:04:18 +00:00
backend.go ipn: declare NotifyWatchOpt consts without using iota 2025-01-04 18:43:27 -08:00
conf.go ipn/conf.go: add VIPServices to tailscaled configfile (#14345) 2025-01-10 06:33:58 +00:00
doc.go ipn: generate LoginProfileView and use it instead of *LoginProfile where appropriate 2025-01-30 18:12:54 -06:00
ipn_clone.go ipn: generate LoginProfileView and use it instead of *LoginProfile where appropriate 2025-01-30 18:12:54 -06:00
ipn_test.go all: do not depend on the testing package 2024-05-24 05:23:36 -07:00
ipn_view.go ipn: generate LoginProfileView and use it instead of *LoginProfile where appropriate 2025-01-30 18:12:54 -06:00
prefs_test.go types/persist: remove Persist.LegacyFrontendPrivateMachineKey 2025-01-27 22:01:50 +00:00
prefs.go cmd/tailscale,ipn,tailcfg: add tailscale advertise subcommand behind envknob (#13734) 2024-10-16 19:08:06 -04:00
serve_test.go ipn: [serve] warn that foreground funnel won't work if shields are up (#14685) 2025-01-19 19:00:21 +00:00
serve.go tailcfg: add ServiceName 2025-01-22 15:27:46 -05:00
store_test.go ipn: avoid useless no-op WriteState calls 2023-08-07 08:44:24 -07:00
store.go ipn: add comment about thread-safety to StateStore 2024-03-06 12:42:18 -06:00