external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Agent TLS certificate improvement.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2020-11-16 15:14:30 -08:00
parent 68d8e53548
commit e04db9fa9f
4 changed files with 1270 additions and 1243 deletions
Download patch file Download diff file Expand all files Collapse all files

16
agents/meshcore.js
View file

@ -779,7 +779,13 @@ function createMeshCore(agent) {
// Perform manual server TLS certificate checking based on the certificate hash given by the server. // Perform manual server TLS certificate checking based on the certificate hash given by the server.
woptions.rejectUnauthorized = 0; woptions.rejectUnauthorized = 0;
woptions.checkServerIdentity = function checkServerIdentity(certs) { if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash != certs[0].digest.split(':').join('').toLowerCase())) { throw new Error('BadCert') } } woptions.checkServerIdentity = function checkServerIdentity(certs) {
// If the tunnel certificate matches the control channel certificate, accept the connection
try { if (require('MeshAgent').ServerInfo.ControlChannelCertificate.digest == certs[0].digest) return; } catch (ex) { }
try { if (require('MeshAgent').ServerInfo.ControlChannelCertificate.fingerprint == certs[0].fingerprint) return; } catch (ex) { }
// Check that the certificate is the one expected by the server, fail if not.
if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash.toLowerCase() != certs[0].digest.split(':').join('').toLowerCase())) { throw new Error('BadCert') }
}
woptions.checkServerIdentity.servertlshash = data.servertlshash; woptions.checkServerIdentity.servertlshash = data.servertlshash;
//sendConsoleText(JSON.stringify(woptions)); //sendConsoleText(JSON.stringify(woptions));
@ -1177,7 +1183,13 @@ function createMeshCore(agent) {
// Perform manual server TLS certificate checking based on the certificate hash given by the server. // Perform manual server TLS certificate checking based on the certificate hash given by the server.
agentFileHttpOptions.rejectUnauthorized = 0; agentFileHttpOptions.rejectUnauthorized = 0;
agentFileHttpOptions.checkServerIdentity = function checkServerIdentity(certs) { if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash != certs[0].digest.split(':').join('').toLowerCase())) { throw new Error('BadCert') } } agentFileHttpOptions.checkServerIdentity = function checkServerIdentity(certs) {
// If the tunnel certificate matches the control channel certificate, accept the connection
try { if (require('MeshAgent').ServerInfo.ControlChannelCertificate.digest == certs[0].digest) return; } catch (ex) { }
try { if (require('MeshAgent').ServerInfo.ControlChannelCertificate.fingerprint == certs[0].fingerprint) return; } catch (ex) { }
// Check that the certificate is the one expected by the server, fail if not.
if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash.toLowerCase() != certs[0].digest.split(':').join('').toLowerCase())) { throw new Error('BadCert') }
}
agentFileHttpOptions.checkServerIdentity.servertlshash = data.servertlshash; agentFileHttpOptions.checkServerIdentity.servertlshash = data.servertlshash;
if (agentFileHttpOptions == null) return; if (agentFileHttpOptions == null) return;

2
public/scripts/amt-wsman-0.2.0-min.js vendored
View file

File diff suppressed because one or more lines are too long

2484
translate/translate.json
View file

File diff suppressed because it is too large Load diff

11
views/default.handlebars
View file

@ -8056,7 +8056,16 @@
// Find file result // Find file result
if (data.action == 'findfile') { if (data.action == 'findfile') {
if (xxdialogTag == data.reqid) { if (data.r == null) { QE('d2findFilter', true); QE('filefind_dlgOkButton', true); xxdialogTag = null; } else { QA('d2findResults', '<div style=white-space:nowrap>' + EscapeHtml(data.r) + '</div>'); } } if (xxdialogTag == data.reqid) {
if (data.r == null) {
QE('d2findFilter', true);
QE('filefind_dlgOkButton', true);
xxdialogTag = null;
if (Q('d2findResults').innerHTML == '') { QH('d2findResults', '<div style=text-align:center;margin:10px><i>' + "No files found" + '</i></div>'); }
} else {
QA('d2findResults', '<div style=white-space:nowrap>' + EscapeHtml(data.r) + '</div>');
}
}
return; return;
} }