MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-03 01:45:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added addition ssl options

Browse Source
This commit is contained in:
Noah Zalev 2021-05-02 15:30:38 -04:00
parent 8179777f73
commit 2f5c5d9b03
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
db.js
View File

@ -486,6 +486,7 @@ module.exports.CreateDB = function (parent, func) {
try {
if (connectinArgs.ssl) {
if (connectinArgs.ssl.dontcheckserveridentity == true) { connectionObject.ssl.checkServerIdentity = function(name, cert) { return undefined; } };
if (connectinArgs.ssl.cacertpath) { connectionObject.ssl.ca = [require('fs').readFileSync(connectinArgs.ssl.cacertpath, 'utf8')]; }
if (connectinArgs.ssl.clientcertpath) { connectionObject.ssl.cert = [require('fs').readFileSync(connectinArgs.ssl.clientcertpath, 'utf8')]; }
if (connectinArgs.ssl.clientkeypath) { connectionObject.ssl.key = [require('fs').readFileSync(connectinArgs.ssl.clientkeypath, 'utf8')]; }
@ -1620,14 +1621,17 @@ module.exports.CreateDB = function (parent, func) {
if (obj.databaseType == 4) {
if (props.ssl) {
sslOptions = ' --ssl';
if (props.ssl.cacertpath) sslOptions = ' --ssl-verify-server-cert --ssl-ca=' + props.ssl.cacertpath;
if (props.ssl.cacertpath) sslOptions = ' --ssl-ca=' + props.ssl.cacertpath;
if (props.ssl.dontcheckserveridentity != true) sslOptions += ' --ssl-verify-server-cert';
if (props.ssl.clientcertpath) sslOptions += ' --ssl-cert=' + props.ssl.clientcertpath;
if (props.ssl.clientkeypath) sslOptions += ' --ssl-key=' + props.ssl.clientkeypath;
}
} else {
if (props.ssl) {
sslOptions = ' --ssl-mode=required';
if (props.ssl.cacertpath) sslOptions = ' --ssl-mode=verify_identity --ssl-ca=' + props.ssl.cacertpath;
if (props.ssl.cacertpath) sslOptions = ' --ssl-ca=' + props.ssl.cacertpath;
if (props.ssl.dontcheckserveridentity != true) sslOptions += ' --ssl-mode=verify_identity';
else sslOptions += ' --ssl-mode=required';
if (props.ssl.clientcertpath) sslOptions += ' --ssl-cert=' + props.ssl.clientcertpath;
if (props.ssl.clientkeypath) sslOptions += ' --ssl-key=' + props.ssl.clientkeypath;
}

6
meshcentral-config-schema.json
View File

@ -28,7 +28,8 @@
"properties": {
"caCertPath": { "type": "string", "description": "Absolute path to the CA certificate. Required for self-signed certificates" },
"clientCertPath": { "type": "string", "description": "Absolute path to the client certificate. Required for two-way SSL Authentication" },
"clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" }
"clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" },
"dontCheckServerIdentity": { "type": "boolean", "description": "Set true to not check the server hostname during verification" }
}
}
}
@ -48,7 +49,8 @@
"properties": {
"caCertPath": { "type": "string", "description": "Absolute path to the CA certificate. Required for self-signed certificates" },
"clientCertPath": { "type": "string", "description": "Absolute path to the client certificate. Required for two-way SSL Authentication" },
"clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" }
"clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" },
"dontCheckServerIdentity": { "type": "boolean", "description": "Set true to not check the server hostname during verification" }
}
}
}