MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-04-27 05:14:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix rsakeysize for letsencrypt #6988

Browse Source 
Signed-off-by: si458 <simonsmith5521@gmail.com>
This commit is contained in:
si458 2025-04-21 15:57:56 +01:00
parent b7364d8988
commit 134ca4f025
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
letsencrypt.js
View File

@ -66,7 +66,7 @@ module.exports.CreateLetsEncrypt = function (parent) {
if (obj.parent.config.letsencrypt.email == null) { obj.configErr = "Let's Encrypt email address not specified."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } if (obj.parent.config.letsencrypt.email == null) { obj.configErr = "Let's Encrypt email address not specified."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if ((obj.parent.redirserver == null) || ((typeof obj.parent.config.settings.rediraliasport === 'number') && (obj.parent.config.settings.rediraliasport !== 80)) || ((obj.parent.config.settings.rediraliasport == null) && (obj.parent.redirserver.port !== 80))) { obj.configErr = "Redirection web server must be active on port 80 for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } if ((obj.parent.redirserver == null) || ((typeof obj.parent.config.settings.rediraliasport === 'number') && (obj.parent.config.settings.rediraliasport !== 80)) || ((obj.parent.config.settings.rediraliasport == null) && (obj.parent.redirserver.port !== 80))) { obj.configErr = "Redirection web server must be active on port 80 for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if (obj.redirWebServerHooked !== true) { obj.configErr = "Redirection web server not setup for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } if (obj.redirWebServerHooked !== true) { obj.configErr = "Redirection web server not setup for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if ((obj.parent.config.letsencrypt.rsakeysize != null) && (obj.parent.config.letsencrypt.rsakeysize !== 2048) && (obj.parent.config.letsencrypt.rsakeysize !== 3072)) { obj.configErr = "Invalid Let's Encrypt certificate key size, must be 2048 or 3072."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } if ((obj.parent.config.letsencrypt.rsakeysize != null) && (obj.parent.config.letsencrypt.rsakeysize !== 2048) && (obj.parent.config.letsencrypt.rsakeysize !== 3072) && (obj.parent.config.letsencrypt.rsakeysize !== 4096)) { obj.configErr = "Invalid Let's Encrypt certificate key size, must be 2048, 3072 or 4096."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if (obj.checkInterval == null) { obj.checkInterval = setInterval(obj.checkRenewCertificate, 86400000); } // Call certificate check every 24 hours. if (obj.checkInterval == null) { obj.checkInterval = setInterval(obj.checkRenewCertificate, 86400000); } // Call certificate check every 24 hours.
obj.configOk = true; obj.configOk = true;
@ -165,7 +165,7 @@ module.exports.CreateLetsEncrypt = function (parent) {
// Create a private key // Create a private key
obj.log("Generating private key..."); obj.log("Generating private key...");
acme.forge.createPrivateKey().then(function (accountKey) { acme.forge.createPrivateKey(obj.parent.config.letsencrypt.rsakeysize != null ? obj.parent.config.letsencrypt.rsakeysize : 2048).then(function (accountKey) {
// Create the ACME client // Create the ACME client
obj.log("Setting up ACME client..."); obj.log("Setting up ACME client...");
@ -189,7 +189,7 @@ module.exports.CreateLetsEncrypt = function (parent) {
// Create Certificate Request (CSR) // Create Certificate Request (CSR)
obj.log("Creating certificate request..."); obj.log("Creating certificate request...");
var certRequest = { commonName: obj.leDomains[0] }; var certRequest = { commonName: obj.leDomains[0], keySize: obj.parent.config.letsencrypt.rsakeysize != null ? obj.parent.config.letsencrypt.rsakeysize : 2048 };
if (obj.leDomains.length > 1) { certRequest.altNames = obj.leDomains; } if (obj.leDomains.length > 1) { certRequest.altNames = obj.leDomains; }
acme.forge.createCsr(certRequest).then(function (r) { acme.forge.createCsr(certRequest).then(function (r) {
obj.csr = r[1]; obj.csr = r[1];

7
meshcentral-config-schema.json
View File

@ -546,7 +546,7 @@
}, },
"agentWsCompression": { "agentWsCompression": {
"type": "boolean", "type": "boolean",
"default": true, "default": false,
"description": "Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work." "description": "Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work."
}, },
"noAgentUpdate": { "noAgentUpdate": {
@ -3892,6 +3892,11 @@
"default": false, "default": false,
"description": "By default a test certificate will be obtained from Let's Encrypt. Setting \"zerossl\", will ignore this setting. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificate. Making too many bad requests for a production certificate will get you banned for a long period of time." "description": "By default a test certificate will be obtained from Let's Encrypt. Setting \"zerossl\", will ignore this setting. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificate. Making too many bad requests for a production certificate will get you banned for a long period of time."
}, },
"rsaKeySize": {
"type": "integer",
"default": 2048,
"description": "The size of the RSA key to generate. The default is 2048 bits."
},
"nochecks": { "nochecks": {
"type": "boolean", "type": "boolean",
"default": false, "default": false,