Improved CertURL certificate loading.

amt/amt-ider-module.js

@@ -607,7 +607,7 @@ module.exports.CreateAmtRemoteIder = function (webserver, meshcentral) {
         if (g_len > obj.iderinfo.readbfr) { len = obj.iderinfo.readbfr; }
         g_len -= len;
         g_lba += len;
-        var buffer = new Buffer(len);
+        var buffer = Buffer.alloc(len);
         fs.read(g_media, buffer, 0, len, lba, function (error, bytesRead, buffer) {
             obj.SendDataToHost(g_dev, (g_len == 0), buffer.toString('binary'), featureRegister & 1);
             if ((g_len > 0) && (g_reset == false)) {

amt/amt.js

@@ -733,7 +733,7 @@ function AmtStackCreateService(wsmanStack) {
                 e = null;
                 try {
                     es = atob(responses.Body['EventRecords'][i]);
-                    e = new Buffer(es);
+                    e = Buffer.from(es);
                 } catch (ex) {
                     console.log(ex + " " + responses.Body['EventRecords'][i])
                 }

certoperations.js

@@ -200,12 +200,17 @@ module.exports.CertificateOperations = function (parent) {
         if (u.protocol == 'https:') {
             // Read the certificate from HTTPS
             if (hostname == null) { hostname = u.hostname; }
-            const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: hostname, rejectUnauthorized: false }, function () { this.xxcert = this.getPeerCertificate(); this.end(); });
+            parent.debug('cert', "loadCertificate() - Loading certificate from " + u.hostname + ":" + (u.port ? u.port : 443) + ", Hostname: " + hostname + "...");
+            const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: hostname, rejectUnauthorized: false }, function () {
+                this.xxcert = this.getPeerCertificate();
+                parent.debug('cert', "loadCertificate() - TLS connected, " + ((this.xxcert != null) ? "got certificate." : "no certificate."));
+                try { this.destroy(); } catch (ex) { }
+                this.xxfunc(this.xxurl, (this.xxcert == null)?null:(this.xxcert.raw.toString('binary')), hostname, this.xxtag);
+            });
             tlssocket.xxurl = url;
             tlssocket.xxfunc = func;
             tlssocket.xxtag = tag;
-            tlssocket.on('end', function () { this.xxfunc(this.xxurl, this.xxcert.raw.toString('binary'), hostname, this.xxtag); });
+            tlssocket.on('error', function (error) { try { this.destroy(); } catch (ex) { } parent.debug('cert', "loadCertificate() - TLS error: " + error); this.xxfunc(this.xxurl, null, hostname, this.xxtag); });
-            tlssocket.on('error', function () { this.xxfunc(this.xxurl, null, hostname, this.xxtag); });
         } else if (u.protocol == 'file:') {
             // Read the certificate from a file
             obj.fs.readFile(url.substring(7), 'utf8', function (err, data) {

meshagent.js

@@ -398,7 +398,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                             parent.parent.updateProxyCertificates(false);
                         }
                         parent.agentStats.agentBadWebCertHashCount++;
-                        console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').');
+                        console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (Buffer.from(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').');
                         console.log('Agent reported web cert hash:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex')) + '.');
                         return;
                     }

mqttbroker.js

@@ -124,7 +124,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
         // Look for any MQTT connections to send this to
         var clients = obj.connections[nodeid];
         if (clients == null) return;
-        if (typeof message == 'string') { message = new Buffer(message); }
+        if (typeof message == 'string') { message = Buffer.from(message); }
         for (var i in clients) {
             // Only publish to client that subscribe to the topic
             if (clients[i].subscriptions[topic] != null) { clients[i].publish({ cmd: 'publish', qos: 0, topic: topic, payload: message, retain: false }); }

webauthn.js

@@ -251,7 +251,7 @@ module.exports.CreateWebAuthnModule = function () {
     function ASN1toPEM(pkBuffer) {
         if (!Buffer.isBuffer(pkBuffer)) { throw new Error("ASN1toPEM: pkBuffer must be Buffer."); }
         let type;
-        if (pkBuffer.length == 65 && pkBuffer[0] == 0x04) { pkBuffer = Buffer.concat([new Buffer.from("3059301306072a8648ce3d020106082a8648ce3d030107034200", "hex"), pkBuffer]); type = 'PUBLIC KEY'; } else { type = 'CERTIFICATE'; }
+        if (pkBuffer.length == 65 && pkBuffer[0] == 0x04) { pkBuffer = Buffer.concat([Buffer.from("3059301306072a8648ce3d020106082a8648ce3d030107034200", "hex"), pkBuffer]); type = 'PUBLIC KEY'; } else { type = 'CERTIFICATE'; }
         const b64cert = pkBuffer.toString('base64');
         let PEMKey = '';
         for (let i = 0; i < Math.ceil(b64cert.length / 64); i++) { const start = 64 * i; PEMKey += b64cert.substr(start, 64) + '\n'; }