tailscale/ipn/ipnlocal
Andrew Lytvynov c1ecae13ab
ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731)

While our `shouldStartDomainRenewal` check is correct, `getCertPEM`
would always bail if the existing cert is not expired. Add the same
`shouldStartDomainRenewal` check to `getCertPEM` to make it proceed with
renewal when existing certs are still valid but should be renewed.

The extra check is expensive (ARI request towards LetsEncrypt), so cache
the last check result for 1hr to not degrade `tailscale serve`
performance.

Also, asynchronous renewal is great for `tailscale serve` but confusing
for `tailscale cert`. Add an explicit flag to `GetCertPEM` to force a
synchronous renewal for `tailscale cert`.

Fixes #8725

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-07-27 12:29:40 -07:00
testdata ipn/ipnlocal: fix the path for writing cert files (#7203) 2023-02-07 14:34:04 -08:00
c2n.go util/goroutines: let ScrubbedGoroutineDump get only current stack 2023-06-23 12:50:45 -07:00
cert_js.go ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731) 2023-07-27 12:29:40 -07:00
cert_test.go ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731) 2023-07-27 12:29:40 -07:00
cert.go ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731) 2023-07-27 12:29:40 -07:00
dnsconfig_test.go all: use cmpx.Or where it made sense 2023-06-07 22:06:24 -07:00
expiry_test.go ci: add more lints (#7909) 2023-04-19 21:54:19 -04:00
expiry.go various: add golangci-lint, fix issues (#7905) 2023-04-17 18:38:24 -04:00
local_test.go tsd: add package with System type to unify subsystem init, discovery 2023-05-04 14:21:59 -07:00
local.go cli: introduce exit-node subcommand to list and filter exit nodes 2023-07-26 16:41:52 -07:00
loglines_test.go tsd: add package with System type to unify subsystem init, discovery 2023-05-04 14:21:59 -07:00
network-lock_test.go ipn: rename CapTailnetLockAlpha -> CapTailnetLock 2023-07-11 12:47:02 -05:00
network-lock.go cmd/tailscale: warn if node is locked out on bringup 2023-07-19 12:31:21 -05:00
peerapi_h2c.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
peerapi_macios_ext.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
peerapi_test.go ipn/ipnlocal: drop not required StateKey parameter 2023-01-30 17:58:55 -08:00
peerapi.go tailcfg,ipn/ipnlocal,wgengine: add values to PeerCapabilities 2023-07-25 14:32:51 -07:00
profiles_notwindows.go ipn/ipnlocal, util/winutil/policy: modify Windows profile migration to load legacy prefs from within tailscaled 2023-04-03 14:41:46 -07:00
profiles_test.go ipn/ipnlocal: reenable profile tests on Windows 2023-04-26 11:33:38 -07:00
profiles_windows.go ipn/ipnlocal: add more logging during profile migration 2023-06-01 21:00:55 -04:00
profiles.go ipn/ipnlocal: add more logging during profile migration 2023-06-01 21:00:55 -04:00
serve_test.go ipn/ipnlocal: add docs header to serve HTTP proxy 2023-06-20 16:46:10 -04:00
serve.go ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731) 2023-07-27 12:29:40 -07:00
ssh_stub.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ssh_test.go ipn/ipnlocal: drop not required StateKey parameter 2023-01-30 17:58:55 -08:00
ssh.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
state_test.go tsd: add package with System type to unify subsystem init, discovery 2023-05-04 14:21:59 -07:00