clientupdate/distsign: use distinct PEM types for root/signing keys (#9045)

To make key management less error-prone, use different PEM block types
for root and signing keys. As a result, separate out most of the Go code
between root/signing keys too.

Updates #8760

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
Andrew Lytvynov
2023-08-23 17:13:03 -06:00
committed by GitHub
parent 9c07f4f512
commit f61dd12f05
5 changed files with 243 additions and 79 deletions

@@ -41,7 +41,7 @@ func parseRoots() ([]ed25519.PublicKey, error) {
if err != nil {
return nil, err
}
key, err := parseSinglePublicKey(raw)
key, err := parseSinglePublicKey(raw, pemTypeRootPublic)
if err != nil {
return nil, fmt.Errorf("parsing root key %q: %w", f.Name(), err)
}
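
Review bot: The parseSinglePublicKey(raw, pemTypeRootPublic) call in parseRoots is where the root/signing separation is enforced for embedded roots, but nothing in this hunk shows the negative case being exercised. Please add a test that places a PEM block of the signing public key type among the root files and asserts that parseRoots returns an error, so a later refactor cannot silently accept a signing key as a root. Also, the wrapped error here only adds f.Name(); if parseSinglePublicKey does not already report the expected and the found PEM block type, include both in its error so a misplaced key file is obvious from the message.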