Brad Fitzpatrick
7fac0175c0
cmd/derper, derp/derphttp: support, generate self-signed IP address certs
...
For people who can't use LetsEncrypt because it's banned.
Per https://github.com/tailscale/tailscale/issues/11776#issuecomment-2520955317
This does two things:
1) if you run derper with --certmode=manual and --hostname=$IP_ADDRESS
we previously permitted, but now we also:
* auto-generate the self-signed cert for you if it doesn't yet exist on disk
* print out the derpmap configuration you need to use that
self-signed cert
2) teaches derp/derphttp's derp dialer to verify the signature of
self-signed TLS certs, if so declared in the existing
DERPNode.CertName field, which previously existed for domain fronting,
separating out the dial hostname from how certs are validated,
so it's not overloaded much; that's what it was meant for.
Fixes #11776
Change-Id: Ie72d12f209416bb7e8325fe0838cd2c66342c5cf
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
..
art
all: fix new lint warnings from bumping staticcheck
2 years ago
bakedroots
net/bakedroots: add LetsEncrypt ISRG Root X2
1 year ago
captivedetection
derp/derphttp,ipn/localapi,net/captivedetection: add cache resistance to captive portal detection
1 year ago
connstats
{net/connstats,wgengine/magicsock}: fix packet counting in connstats
2 years ago
dns
net/dns: update to illarion/gonotify/v3 to fix a panic
1 year ago
dnscache
net/dnscache: don't fall back to an IPv6 dial if we don't have IPv6
2 years ago
dnsfallback
{control,net}: close idle connections of custom transports
2 years ago
flowtrack
net/flowtrack: fix, test String method
2 years ago
ipset
all: use iterators over slice views more
1 year ago
ktimeout
various: disable MPTCP when setting TCP_USER_TIMEOUT sockopt (#15063)
1 year ago
memnet
net/memnet: export the network name (#9111)
3 years ago
netaddr
all: update copyright and license headers
3 years ago
netcheck
net/netcheck: remove unnecessary custom map clone function
1 year ago
neterror
net/neterror, wgengine/magicsock: use UDP GSO and GRO on Linux (#7791)
3 years ago
netkernelconf
ipn/{ipnlocal,localapi},net/netkernelconf,client/tailscale,cmd/containerboot: optionally enable UDP GRO forwarding for containers (#12410)
2 years ago
netknob
all: update copyright and license headers
3 years ago
netmon
net/netmon: add extra panic guard around ParseRIB
1 year ago
netns
net/netns: remove some logspam by avoiding logging parse errors due to unspecified addresses
2 years ago
netstat
all: add test for package comments, fix, add comments as needed
2 years ago
netutil
all: illumos/solaris userspace only support
1 year ago
packet
feature/capture: move packet capture to feature/*, out of iOS + CLI
1 year ago
ping
net/ping: fix ICMP echo code field to 0
3 years ago
portmapper
net/portmapper: don't treat 0.0.0.0 as a valid IP
2 years ago
proxymux
all: cleanup unused code, part 1 (#10661)
2 years ago
routetable
net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon
2 years ago
socks5
net/socks5: optimize UDP relay
1 year ago
sockstats
net/sockstats: prevent crash in setNetMon (#13985)
1 year ago
speedtest
all: update copyright and license headers
3 years ago
stun
ci: enable checklocks workflow for specific packages
2 years ago
stunserver
all: use Go 1.22 range-over-int
2 years ago
tcpinfo
all: use Go 1.22 range-over-int
2 years ago
tlsdial
cmd/derper, derp/derphttp: support, generate self-signed IP address certs
1 year ago
tsaddr
net/tsaddr: include test input in test failure output
1 year ago
tsdial
all: use iterators over slice views more
1 year ago
tshttpproxy
all: fix golangci-lint errors
1 year ago
tstun
feature/capture: move packet capture to feature/*, out of iOS + CLI
1 year ago
wsconn
go.{mod,sum}: migrate from nhooyr.io/websocket to github.com/coder/websocket
2 years ago