You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Andrew Lytvynov
c1ecae13ab
ipn/{ipnlocal,localapi}: actually renew certs before expiry ( #8731 ) ...
While our `shouldStartDomainRenewal` check is correct, `getCertPEM`
would always bail if the existing cert is not expired. Add the same
`shouldStartDomainRenewal` check to `getCertPEM` to make it proceed with
renewal when existing certs are still valid but should be renewed.
The extra check is expensive (ARI request towards LetsEncrypt), so cache
the last check result for 1hr to not degrade `tailscale serve`
performance.
Also, asynchronous renewal is great for `tailscale serve` but confusing
for `tailscale cert`. Add an explicit flag to `GetCertPEM` to force a
synchronous renewal for `tailscale cert`.
Fixes #8725
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
3 years ago
..
testdata
ipn/ipnlocal: fix the path for writing cert files ( #7203 )
3 years ago
c2n.go
util/goroutines: let ScrubbedGoroutineDump get only current stack
3 years ago
cert.go
ipn/{ipnlocal,localapi}: actually renew certs before expiry ( #8731 )
3 years ago
cert_js.go
ipn/{ipnlocal,localapi}: actually renew certs before expiry ( #8731 )
3 years ago
cert_test.go
ipn/{ipnlocal,localapi}: actually renew certs before expiry ( #8731 )
3 years ago
dnsconfig_test.go
all: use cmpx.Or where it made sense
3 years ago
expiry.go
various: add golangci-lint, fix issues ( #7905 )
3 years ago
expiry_test.go
ci: add more lints ( #7909 )
3 years ago
local.go
cli: introduce exit-node subcommand to list and filter exit nodes
3 years ago
local_test.go
tsd: add package with System type to unify subsystem init, discovery
3 years ago
loglines_test.go
tsd: add package with System type to unify subsystem init, discovery
3 years ago
network-lock.go
cmd/tailscale: warn if node is locked out on bringup
3 years ago
network-lock_test.go
ipn: rename CapTailnetLockAlpha -> CapTailnetLock
3 years ago
peerapi.go
tailcfg,ipn/ipnlocal,wgengine: add values to PeerCapabilities
3 years ago
peerapi_h2c.go
all: update copyright and license headers
3 years ago
peerapi_macios_ext.go
all: update copyright and license headers
3 years ago
peerapi_test.go
ipn/ipnlocal: drop not required StateKey parameter
3 years ago
profiles.go
ipn/ipnlocal: add more logging during profile migration
3 years ago
profiles_notwindows.go
ipn/ipnlocal, util/winutil/policy: modify Windows profile migration to load legacy prefs from within tailscaled
3 years ago
profiles_test.go
ipn/ipnlocal: reenable profile tests on Windows
3 years ago
profiles_windows.go
ipn/ipnlocal: add more logging during profile migration
3 years ago
serve.go
ipn/{ipnlocal,localapi}: actually renew certs before expiry ( #8731 )
3 years ago
serve_test.go
ipn/ipnlocal: add docs header to serve HTTP proxy
3 years ago
ssh.go
all: update copyright and license headers
3 years ago
ssh_stub.go
all: update copyright and license headers
3 years ago
ssh_test.go
ipn/ipnlocal: drop not required StateKey parameter
3 years ago
state_test.go
tsd: add package with System type to unify subsystem init, discovery
3 years ago
Andrew Lytvynov
c1ecae13ab