From 98ae8b4aa7f732e119120e6c851c1d312ce5a1da Mon Sep 17 00:00:00 2001 From: Alex Chan Date: Fri, 19 Sep 2025 07:08:57 +0100 Subject: [PATCH] client/{local,tailscale}: delete deprecated and now-unused cert aliases Updates https://github.com/tailscale/corp/issues/22748 Signed-off-by: Alex Chan --- client/local/cert.go | 28 ---------------------------- client/tailscale/cert.go | 34 ---------------------------------- cmd/k8s-operator/depaware.txt | 2 +- cmd/tailscale/depaware.txt | 2 +- 4 files changed, 2 insertions(+), 64 deletions(-) delete mode 100644 client/tailscale/cert.go diff --git a/client/local/cert.go b/client/local/cert.go index bfaac7303..c1ef9c889 100644 --- a/client/local/cert.go +++ b/client/local/cert.go @@ -39,15 +39,6 @@ func (lc *Client) SetDNS(ctx context.Context, name, value string) error { return err } -// CertPair returns a cert and private key for the provided DNS domain. -// -// It returns a cached certificate from disk if it's still valid. -// -// Deprecated: use [Client.CertPair]. -func CertPair(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error) { - return defaultClient.CertPair(ctx, domain) -} - // CertPair returns a cert and private key for the provided DNS domain. // // It returns a cached certificate from disk if it's still valid. @@ -85,18 +76,6 @@ func (lc *Client) CertPairWithValidity(ctx context.Context, domain string, minVa return certPEM, keyPEM, nil } -// GetCertificate fetches a TLS certificate for the TLS ClientHello in hi. -// -// It returns a cached certificate from disk if it's still valid. -// -// It's the right signature to use as the value of -// [tls.Config.GetCertificate]. -// -// Deprecated: use [Client.GetCertificate]. -func GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error) { - return defaultClient.GetCertificate(hi) -} - // GetCertificate fetches a TLS certificate for the TLS ClientHello in hi. // // It returns a cached certificate from disk if it's still valid. @@ -129,13 +108,6 @@ func (lc *Client) GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, err return &cert, nil } -// ExpandSNIName expands bare label name into the most likely actual TLS cert name. -// -// Deprecated: use [Client.ExpandSNIName]. -func ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool) { - return defaultClient.ExpandSNIName(ctx, name) -} - // ExpandSNIName expands bare label name into the most likely actual TLS cert name. func (lc *Client) ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool) { st, err := lc.StatusWithoutPeers(ctx) diff --git a/client/tailscale/cert.go b/client/tailscale/cert.go deleted file mode 100644 index 4f351ab99..000000000 --- a/client/tailscale/cert.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright (c) Tailscale Inc & AUTHORS -// SPDX-License-Identifier: BSD-3-Clause - -//go:build !js && !ts_omit_acme - -package tailscale - -import ( - "context" - "crypto/tls" - - "tailscale.com/client/local" -) - -// GetCertificate is an alias for [tailscale.com/client/local.GetCertificate]. -// -// Deprecated: import [tailscale.com/client/local] instead and use [local.Client.GetCertificate]. -func GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error) { - return local.GetCertificate(hi) -} - -// CertPair is an alias for [tailscale.com/client/local.CertPair]. -// -// Deprecated: import [tailscale.com/client/local] instead and use [local.Client.CertPair]. -func CertPair(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error) { - return local.CertPair(ctx, domain) -} - -// ExpandSNIName is an alias for [tailscale.com/client/local.ExpandSNIName]. -// -// Deprecated: import [tailscale.com/client/local] instead and use [local.Client.ExpandSNIName]. -func ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool) { - return local.ExpandSNIName(ctx, name) -} diff --git a/cmd/k8s-operator/depaware.txt b/cmd/k8s-operator/depaware.txt index e65977875..0a53d5215 100644 --- a/cmd/k8s-operator/depaware.txt +++ b/cmd/k8s-operator/depaware.txt @@ -774,7 +774,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/ tailscale.com from tailscale.com/version tailscale.com/appc from tailscale.com/ipn/ipnlocal 💣 tailscale.com/atomicfile from tailscale.com/ipn+ - tailscale.com/client/local from tailscale.com/client/tailscale+ + tailscale.com/client/local from tailscale.com/client/web+ tailscale.com/client/tailscale from tailscale.com/cmd/k8s-operator+ tailscale.com/client/tailscale/apitype from tailscale.com/client/tailscale+ tailscale.com/client/web from tailscale.com/ipn/ipnlocal diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt index ae4a7bd4d..a3ca5d6de 100644 --- a/cmd/tailscale/depaware.txt +++ b/cmd/tailscale/depaware.txt @@ -82,7 +82,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep software.sslmate.com/src/go-pkcs12/internal/rc2 from software.sslmate.com/src/go-pkcs12 tailscale.com from tailscale.com/version 💣 tailscale.com/atomicfile from tailscale.com/cmd/tailscale/cli+ - tailscale.com/client/local from tailscale.com/client/tailscale+ + tailscale.com/client/local from tailscale.com/client/systray+ L tailscale.com/client/systray from tailscale.com/cmd/tailscale/cli tailscale.com/client/tailscale from tailscale.com/internal/client/tailscale tailscale.com/client/tailscale/apitype from tailscale.com/client/tailscale+