ipn/ipnlocal: filter peers with bad signatures when tka is enabled

Signed-off-by: Tom DNetto <tom@tailscale.com>
2025-08-23 03:17:43 +00:00 · 2022-10-04 10:51:45 -07:00
parent 01ebef0f4f
commit 73db56af52
4 changed files with 101 additions and 0 deletions
--- a/envknob/envknob.go
+++ b/envknob/envknob.go
@@ -277,6 +277,11 @@ func SSHPolicyFile() string { return String("TS_DEBUG_SSH_POLICY_FILE") }
 // SSHIgnoreTailnetPolicy is whether to ignore the Tailnet SSH policy for development.
 func SSHIgnoreTailnetPolicy() bool { return Bool("TS_DEBUG_SSH_IGNORE_TAILNET_POLICY") }

+
+// TKASkipSignatureCheck is whether to skip node-key signature checking for development.
+func TKASkipSignatureCheck() bool { return Bool("TS_UNSAFE_SKIP_NKS_VERIFICATION") }
+
+
 // NoLogsNoSupport reports whether the client's opted out of log uploads and
 // technical support.
 func NoLogsNoSupport() bool {