ipn/ipnlocal, cmd/tailscale: use wildcard. prefix for cert filenames (#18748)
Stop stripping the "*." prefix from wildcard domains when used as storage keys. Instead, replace "*" with "wildcard_" only at the filesystem boundary in certFile and keyFile. This prevents wildcard and non-wildcard certs from colliding in storage. Updates #1196 Updates #7081 Signed-off-by: Fernando Serboncini <fserb@tailscale.com>
committed by
GitHub
parent
299f1bf581
commit
976aa940ec
@@ -108,8 +108,9 @@ func runCert(ctx context.Context, args []string) error {
|
||||
log.SetFlags(0)
|
||||
}
|
||||
if certArgs.certFile == "" && certArgs.keyFile == "" {
|
||||
certArgs.certFile = domain + ".crt"
|
||||
certArgs.keyFile = domain + ".key"
|
||||
fileBase := strings.Replace(domain, "*.", "wildcard_.", 1)
|
||||
certArgs.certFile = fileBase + ".crt"
|
||||
certArgs.keyFile = fileBase + ".key"
|
||||
}
|
||||
certPEM, keyPEM, err := localClient.CertPairWithValidity(ctx, domain, certArgs.minValidity)
|
||||
if err != nil {
|
||||
|
||||
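Review bot: `strings.Replace(domain, "*.", "wildcard_.", 1)` rewrites the first `*.` found anywhere in `domain`, not only a leading wildcard label, and any further `*` stays in the default filename, where it is not a legal character on Windows. Whether `domain` is validated earlier in runCert is not visible here (the function starts and ends outside the hunk), so anchoring on the prefix would make the mapping explicit: `fileBase := domain` followed by `if rest, ok := strings.CutPrefix(domain, "*."); ok { fileBase = "wildcard_." + rest }`. A short comment such as `// "_" is not valid in a hostname label, so wildcard_.<domain> cannot collide with a real name's files` would record what is presumably the reason this prefix was chosen. The description says certFile and keyFile in ipn/ipnlocal apply the same substitution; if so, a shared helper would keep the CLI default names and the storage filenames from drifting apart.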