From 5e00e61d08d6701bd006c87e22d2641da8b65f77 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Thu, 7 Sep 2017 16:01:44 -0700
Subject: [PATCH] Added support for intermediate CA certs in web server TLS.

---
 certoperations.js | 15 ++++++++++++++-
 meshagent.js | 1 -
 meshcentral.js | 2 +-
 package.json | 2 +-
 webserver.js | 2 +-
 5 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/certoperations.js b/certoperations.js
index 1e6005de..34b5e97f 100644
--- a/certoperations.js
+++ b/certoperations.js
@@ -154,6 +154,19 @@ module.exports.CertificateOperations = function () {
 r.agent = { cert: agentCertificate, key: agentPrivateKey };
 rcount++;
 }
+
+ // If CA certificates are present, load them
+ var caok, caindex = 1, calist = [];
+ do {
+ caok = false;
+ if (obj.fileExists(directory + '/webserver-cert-chain' + caindex + '.crt')) {
+ var caCertificate = obj.fs.readFileSync(directory + '/webserver-cert-chain' + caindex + '.crt', 'utf8');
+ calist.push(caCertificate);
+ caok = true;
+ }
+ caindex++;
+ } while (caok == true);
+ r.calist = calist;
 // Decode certificate arguments
 var commonName = 'un-configured', country, organization;
@@ -226,7 +239,7 @@ module.exports.CertificateOperations = function () {
 agentPrivateKey = r.agent.key
 }
- var r = { root: { cert: rootCertificate, key: rootPrivateKey }, web: { cert: webCertificate, key: webPrivateKey }, mps: { cert: mpsCertificate, key: mpsPrivateKey }, agent: { cert: agentCertificate, key: agentPrivateKey }, CommonName: commonName, RootName: rootName };
+ var r = { root: { cert: rootCertificate, key: rootPrivateKey }, web: { cert: webCertificate, key: webPrivateKey }, mps: { cert: mpsCertificate, key: mpsPrivateKey }, agent: { cert: agentCertificate, key: agentPrivateKey }, calist: calist, CommonName: commonName, RootName: rootName };
 if (func != undefined) { func(r); }
 return r;
 }
diff --git a/meshagent.js b/meshagent.js
index 8f4054a9..936fbba3 100644
--- a/meshagent.js
+++ b/meshagent.js
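Review bot: The chain loader in the first hunk pushes each `webserver-cert-chain<N>.crt` file into `calist` verbatim, with no check that the file actually holds a PEM certificate, so an empty or truncated chain file is accepted here and only surfaces later, without a file name, when webserver.js hands the list to https.createServer. A guard after the readFileSync such as `if (caCertificate.indexOf('-----BEGIN CERTIFICATE-----') == -1) { console.log('Invalid chain file: webserver-cert-chain' + caindex + '.crt'); break; }` would fail fast and name the file. The loop should also state its contract, which is implicit in the file naming: `// Chain files are read as webserver-cert-chain1.crt, webserver-cert-chain2.crt, ... until the first gap; number them issuer-of-the-web-cert first.` The second hunk attaches the same on-disk `calist` to the result built from `webCertificate`; if that path produces a freshly generated web certificate, the chain files on disk presumably do not belong to it, and a comment (or an empty list there) would make the intent clear. The enclosing function starts and ends outside both hunks.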
@@ -436,7 +436,6 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
 case 'iplocation': {
 // Sent by the agent to update location information
- console.log(command);
 if ((command.type == 'publicip') && (command.value != null) && (typeof command.value == 'object') && (command.value.ip) && (command.value.loc)) {
 var x = {};
 x.publicip = command.value.ip;
diff --git a/meshcentral.js b/meshcentral.js
index 92b6ff0a..1d1f7f6c 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -299,7 +299,7 @@ function CreateMeshCentralServer() {
 }
 // Setup and start the redirection server if needed
- if (obj.args.redirport != undefined && typeof obj.args.redirport == 'number') {
+ if ((obj.args.redirport != undefined) && (typeof obj.args.redirport == 'number') && (obj.args.redirport != 0)) {
 obj.redirserver = require('./redirserver.js').CreateRedirServer(obj, obj.db, obj.args, obj.certificates);
 }
diff --git a/package.json b/package.json
index 7e481632..b9ca4891 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "meshcentral",
- "version": "0.0.7-o",
+ "version": "0.0.7-p",
 "keywords": [
 "Remote Management",
 "Intel AMT",
diff --git a/webserver.js b/webserver.js
index 2345e940..eab36fba 100644
--- a/webserver.js
+++ b/webserver.js
@@ -89,7 +89,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
 // Setup the HTTP server with TLS
 //var certOperations = require('./certoperations.js').CertificateOperations();
 //var webServerCert = certOperations.GetWebServerCertificate('./data', 'SampleServer.org', 'US', 'SampleOrg');
- obj.tlsServer = require('https').createServer({ cert: obj.certificates.web.cert, key: obj.certificates.web.key, rejectUnauthorized: true }, obj.app);
+ obj.tlsServer = require('https').createServer({ cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.calist, rejectUnauthorized: true }, obj.app);
 obj.expressWs = require('express-ws')(obj.app, obj.tlsServer);
 }
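Review bot: In the new redirport condition the `!= undefined` test is already subsumed by `typeof obj.args.redirport == 'number'`, and `!= 0` still lets NaN and out-of-range values through to CreateRedirServer. `if ((typeof obj.args.redirport == 'number') && (obj.args.redirport > 0) && (obj.args.redirport < 65536)) {` states the actual intent, a usable listening port, in fewer terms. CreateMeshCentralServer continues outside the hunk.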
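Review bot: The `ca:` option given to createServer is the trust store Node uses to verify a peer (client) certificate; it is not the chain presented to connecting browsers. Node's tls documentation places intermediates in `cert`, after the leaf certificate, so whether this change actually cures an incomplete-chain warning depends on OpenSSL building the chain from the store, which should not be relied on. The line would become `obj.tlsServer = require('https').createServer({ cert: [obj.certificates.web.cert].concat(obj.certificates.calist).join('\n'), key: obj.certificates.web.key, rejectUnauthorized: true }, obj.app);` with the `ca` option dropped. Passing the list as `ca` also replaces the default root store used for client-certificate verification, and `rejectUnauthorized: true` on a server (pre-existing) only takes effect together with `requestCert: true`, so a comment stating whether client certificates are expected here would help the next reader.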