ipn/ipnlocal, cmd/tailscale: use wildcard. prefix for cert filenames (#18748)
Stop stripping the "*." prefix from wildcard domains when used as storage keys. Instead, replace "*" with "wildcard_" only at the filesystem boundary in certFile and keyFile. This prevents wildcard and non-wildcard certs from colliding in storage. Updates #1196 Updates #7081 Signed-off-by: Fernando Serboncini <fserb@tailscale.com>
committed by
GitHub
parent
299f1bf581
commit
976aa940ec
@@ -139,7 +139,7 @@ func TestResolveCertDomain(t *testing.T) {
|
||||
domain: "*.unrelated.ts.net",
|
||||
certDomains: []string{"node.ts.net"},
|
||||
hasCap: true,
|
||||
wantErr: `invalid domain "*.unrelated.ts.net"; parent domain must be one of ["node.ts.net"]`,
|
||||
wantErr: `invalid domain "*.unrelated.ts.net"; wildcard certificates are not enabled for this domain`,
|
||||
},
|
||||
{
|
||||
name: "subdomain_unrelated_rejected",
|
||||
|
||||
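Review bot: The expectation for `*.unrelated.ts.net` appears to now pin `wildcard certificates are not enabled for this domain` (assuming the second `wantErr` line is the new side, which this rendering does not mark), yet the case sets `hasCap: true`, so the message points at a capability that is granted rather than at the parent not being in `certDomains`. The rejection is still asserted, which is the security-relevant part, but the earlier text listed the allowed parents and made a mis-scoped wildcard request easier to diagnose. I would add a comment on the case such as `// hasCap is true: the rejection must come from the parent not being in certDomains, not from the capability`, so a later reordering of the checks cannot quietly turn this into a capability test. The table belongs to TestResolveCertDomain, whose body starts and ends outside the hunk.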