MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed issue with TLS certificate that had an no issuer CN (#4681)

This commit is contained in:
Ylian Saint-Hilaire 2022-11-02 10:45:10 -07:00
parent fbde2a87a5
commit 3a22bfbc24
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
certoperations.js
View File

@ -922,7 +922,7 @@ module.exports.CertificateOperations = function (parent) {
// Fetch the certificates names for the main certificate
r.AmtMpsName = obj.pki.certificateFromPem(r.mps.cert).subject.getField('CN').value;
var webCertificate = obj.pki.certificateFromPem(r.web.cert);
r.WebIssuer = webCertificate.issuer.getField('CN').value;
if (webCertificate.issuer.getField('CN') != null) { r.WebIssuer = webCertificate.issuer.getField('CN').value; } else { r.WebIssuer = null; }
r.CommonName = webCertificate.subject.getField('CN').value;
r.CommonNames = [ r.CommonName ];
var altNames = webCertificate.getExtension('subjectAltName');
@ -1005,6 +1005,7 @@ module.exports.CertificateOperations = function (parent) {
return r;
}
}
if (parent.configurationFiles != null) {
console.log("Error: Vault/Database missing some certificates.");
if (r.root == null) { console.log(' Code signing certificate is missing.'); }
@ -1074,7 +1075,8 @@ module.exports.CertificateOperations = function (parent) {
webPrivateKey = r.web.key;
}
}
var webIssuer = webCertAndKey.cert.issuer.getField('CN').value;
var webIssuer = null;
if (webCertAndKey.cert.issuer.getField('CN') != null) { webIssuer = webCertAndKey.cert.issuer.getField('CN').value; }
// If the mesh agent server certificate does not exist, create one
var agentCertAndKey, agentCertificate, agentPrivateKey;
@ -1131,7 +1133,7 @@ module.exports.CertificateOperations = function (parent) {
// Fetch the certificates names for the main certificate
var webCertificate = obj.pki.certificateFromPem(r.web.cert);
r.WebIssuer = webCertificate.issuer.getField('CN').value;
if (webCertificate.issuer.getField('CN') != null) { r.WebIssuer = webCertificate.issuer.getField('CN').value; } else { r.WebIssuer = null; }
r.CommonName = webCertificate.subject.getField('CN').value;
if (r.CommonName.startsWith('*.')) {
if (commonName.indexOf('.') == -1) { console.log("ERROR: Must specify a server full domain name in Config.json->Settings->Cert when using a wildcard certificate."); process.exit(0); return; }

2
webserver.js
View File

@ -3393,7 +3393,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
if (typeof obj.args.trustedcert == 'boolean') return obj.args.trustedcert; // If the status of the cert specified, use that.
if (obj.args.tlsoffload != null) return true; // We are using TLS offload, a real cert is likely used.
if (obj.parent.config.letsencrypt != null) return (obj.parent.config.letsencrypt.production === true); // We are using Let's Encrypt, real cert in use if production is set to true.
if (obj.certificates.WebIssuer.indexOf('MeshCentralRoot-') == 0) return false; // Our cert is issued by self-signed cert.
if ((typeof obj.certificates.WebIssuer == 'string') && (obj.certificates.WebIssuer.indexOf('MeshCentralRoot-') == 0)) return false; // Our cert is issued by self-signed cert.
if (obj.certificates.CommonName.indexOf('.') == -1) return false; // Our cert is named with a fake name
return true; // This is a guess
}