TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-25 19:15:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipn/ipnlocal: remove ancient transition mechanism for https certs

Browse Source 
And confusing error message that duplicated the valid cert domains.

Fixes tailscale/corp#15876

Change-Id: I098bc45d83c8d1e0a233dcdf3188869cce66e128
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2024-02-17 06:27:30 -08:00 committed by Brad Fitzpatrick
parent 6c3899e6ee
commit 794af40f68
1 changed files with 2 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
ipn/ipnlocal/cert.go
View File

@ -688,23 +688,8 @@ func checkCertDomain(st *ipnstate.Status, domain string) error {
return nil
}
}
// Transitional way while server doesn't yet populate CertDomains: also permit the client
// attempting Self.DNSName.
okay := st.CertDomains[:len(st.CertDomains):len(st.CertDomains)]
if st.Self != nil {
if v := strings.Trim(st.Self.DNSName, "."); v != "" {
if v == domain {
return nil
}
okay = append(okay, v)
}
}
switch len(okay) {
case 0:
if len(st.CertDomains) == 0 {
return errors.New("your Tailscale account does not support getting TLS certs")
case 1:
return fmt.Errorf("invalid domain %q; only %q is permitted", domain, okay[0])
default:
return fmt.Errorf("invalid domain %q; must be one of %q", domain, okay)
}
return fmt.Errorf("invalid domain %q; must be one of %q", domain, st.CertDomains)
}