tailscale/ipn
Anton Tolchanov fd6686d81a tka: truncate long rotation signature chains
When a rotation signature chain reaches a certain size, remove the
oldest rotation signature from the chain before wrapping it in a new
rotation signature.

Since all previous rotation signatures are signed by the same wrapping
pubkey (node's own tailnet lock key), the node can re-construct the
chain, re-signing previous rotation signatures. This will satisfy the
existing certificate validation logic.

Updates #13185

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-09-04 22:17:21 +01:00
conffile cmd/tailscaled, ipn/conffile: support ec2 user-data config file 2024-05-30 09:49:18 -07:00
ipnauth ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend 2024-08-28 13:49:58 -05:00
ipnlocal tka: truncate long rotation signature chains 2024-09-04 22:17:21 +01:00
ipnserver ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend 2024-08-28 13:49:58 -05:00
ipnstate cmd/tl-longchain: tool to re-sign nodes with long rotation signatures 2024-08-21 18:22:22 +01:00
localapi cli: implement tailscale dns status (#13353) 2024-09-04 19:43:55 +00:00
policy ipn,tailconfig: clean up unreleased and removed app connector service 2023-11-09 22:36:52 -08:00
store all: add test for package comments, fix, add comments as needed 2024-07-10 09:57:00 -07:00
backend.go health: begin work to use structured health warnings instead of strings, pipe changes into ipn.Notify (#12406) 2024-06-14 11:53:56 -07:00
conf.go ipn,wgengine/magicsock: allow setting static node endpoints via tailscaled configfile (#12882) 2024-07-23 16:50:55 +01:00
doc.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ipn_clone.go cmd/cloner, cmd/viewer, util/codegen: add support for generic types and interfaces 2024-07-11 16:38:53 -05:00
ipn_test.go all: do not depend on the testing package 2024-05-24 05:23:36 -07:00
ipn_view.go ipn,wgengine: remove vestigial Prefs.AllowSingleHosts 2024-05-17 20:50:19 -07:00
prefs_test.go ipn: allow FQDN in exit node selection 2024-07-15 11:22:30 -04:00
prefs.go ipn: allow FQDN in exit node selection 2024-07-15 11:22:30 -04:00
serve_test.go cmd/serve: don't convert localhost to 127.0.0.1 2024-06-26 20:57:19 -07:00
serve.go cmd/serve: don't convert localhost to 127.0.0.1 2024-06-26 20:57:19 -07:00
store_test.go ipn: avoid useless no-op WriteState calls 2023-08-07 08:44:24 -07:00
store.go ipn: add comment about thread-safety to StateStore 2024-03-06 12:42:18 -06:00