feature/featuretags, all: add ts_omit_acme to disable TLS cert support

I'd started to do this in the earlier ts_omit_server PR but decided to split it into this separate PR. Updates #17128 Change-Id: Ief8823a78d1f7bbb79e64a5cab30a7d0a5d6ff4b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-12-24 01:26:39 +00:00 · 2025-09-16 10:07:50 -07:00
parent 99b3f69126
commit e180fc267b
19 changed files with 342 additions and 236 deletions
--- a/ipn/localapi/cert.go
+++ b/ipn/localapi/cert.go
@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause

-//go:build !ios && !android && !js
+//go:build !ios && !android && !js && !ts_omit_acme

 package localapi

@@ -14,6 +14,10 @@ import (
 	"tailscale.com/ipn/ipnlocal"
 )

+func init() {
+	Register("cert/", (*Handler).serveCert)
+}
+
 func (h *Handler) serveCert(w http.ResponseWriter, r *http.Request) {
 	if !h.PermitWrite && !h.PermitCert {
 		http.Error(w, "cert access denied", http.StatusForbidden)