mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-04 23:45:34 +00:00
fd6686d81a
When a rotation signature chain reaches a certain size, remove the oldest rotation signature from the chain before wrapping it in a new rotation signature. Since all previous rotation signatures are signed by the same wrapping pubkey (node's own tailnet lock key), the node can re-construct the chain, re-signing previous rotation signatures. This will satisfy the existing certificate validation logic. Updates #13185 Signed-off-by: Anton Tolchanov <anton@tailscale.com> |
||
---|---|---|
.. | ||
aum_test.go | ||
aum.go | ||
builder_test.go | ||
builder.go | ||
chaintest_test.go | ||
deeplink_test.go | ||
deeplink.go | ||
key_test.go | ||
key.go | ||
scenario_test.go | ||
sig_test.go | ||
sig.go | ||
state_test.go | ||
state.go | ||
sync_test.go | ||
sync.go | ||
tailchonk_test.go | ||
tailchonk.go | ||
tka_clone.go | ||
tka_test.go | ||
tka.go |