MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improved ACM root cert hash mismatch error, #2948

This commit is contained in:
Ylian Saint-Hilaire 2021-07-30 13:59:22 -07:00
parent 19f596ce86
commit 40eb8762e2
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
amtmanager.js
View File

@ -2022,9 +2022,12 @@ module.exports.CreateAmtManager = function (parent) {
if (trustedFqdn == null) return { err: "No trusted DNS suffix reported" }; if (trustedFqdn == null) return { err: "No trusted DNS suffix reported" };
// Find a matching certificate // Find a matching certificate
var gotSuffixMatch = false;
for (var i in activationCerts) { for (var i in activationCerts) {
var cert = activationCerts[i]; var cert = activationCerts[i];
if ((cert.cn == '*') || checkAcmActivationCertName(cert.cn, trustedFqdn)) { var certDnsMatch = checkAcmActivationCertName(cert.cn, trustedFqdn);
if (certDnsMatch == true) { gotSuffixMatch = true; }
if ((cert.cn == '*') || certDnsMatch) {
for (var j in deviceHashes) { for (var j in deviceHashes) {
var hashInfo = deviceHashes[j]; var hashInfo = deviceHashes[j];
if ((hashInfo != null) && (hashInfo.isActive == 1)) { if ((hashInfo != null) && (hashInfo.isActive == 1)) {
@ -2034,6 +2037,7 @@ module.exports.CreateAmtManager = function (parent) {
} }
} }
} }
if (gotSuffixMatch) { return { err: "Certificate root hash matching failed for \"" + trustedFqdn + "\"." }; } // Found a DNS suffix match, but root hash failed to match.
return { err: "No matching ACM activation certificate for \"" + trustedFqdn + "\"." }; // Did not find a match return { err: "No matching ACM activation certificate for \"" + trustedFqdn + "\"." }; // Did not find a match
} }