Added correct hostname header when loading reverse proxy certificate.
parent
f14d405320
commit
532c10def6
|
@ -195,25 +195,27 @@ module.exports.CertificateOperations = function (parent) {
|
|||
}
|
||||
|
||||
// Return the certificate of the remote HTTPS server
|
||||
obj.loadCertificate = function (url, tag, func) {
|
||||
obj.loadCertificate = function (url, hostname, tag, func) {
|
||||
console.log('loadCertificate', url, hostname);
|
||||
const u = require('url').parse(url);
|
||||
if (u.protocol == 'https:') {
|
||||
// Read the certificate from HTTPS
|
||||
const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: u.hostname, rejectUnauthorized: false }, function () { this.xxcert = this.getPeerCertificate(); this.end(); });
|
||||
if (hostname == null) { hostname = u.hostname; }
|
||||
const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: hostname, rejectUnauthorized: false }, function () { this.xxcert = this.getPeerCertificate(); this.end(); });
|
||||
tlssocket.xxurl = url;
|
||||
tlssocket.xxfunc = func;
|
||||
tlssocket.xxtag = tag;
|
||||
tlssocket.on('end', function () { this.xxfunc(this.xxurl, this.xxcert.raw.toString('binary'), this.xxtag); });
|
||||
tlssocket.on('error', function () { this.xxfunc(this.xxurl, null, this.xxtag); });
|
||||
tlssocket.on('end', function () { this.xxfunc(this.xxurl, this.xxcert.raw.toString('binary'), hostname, this.xxtag); });
|
||||
tlssocket.on('error', function () { this.xxfunc(this.xxurl, null, hostname, this.xxtag); });
|
||||
} else if (u.protocol == 'file:') {
|
||||
// Read the certificate from a file
|
||||
obj.fs.readFile(url.substring(7), 'utf8', function (err, data) {
|
||||
if (err) { func(url, null, tag); return; }
|
||||
var x1 = data.indexOf('-----BEGIN CERTIFICATE-----'), x2 = data.indexOf('-----END CERTIFICATE-----');
|
||||
if ((x1 >= 0) && (x2 > x1)) {
|
||||
func(url, Buffer.from(data.substring(x1 + 27, x2), 'base64').toString('binary'), tag);
|
||||
func(url, Buffer.from(data.substring(x1 + 27, x2), 'base64').toString('binary'), hostname, tag);
|
||||
} else {
|
||||
func(url, data, tag);
|
||||
func(url, data, hostname, tag);
|
||||
}
|
||||
});
|
||||
} else { func(url, null, tag); }
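Review bot: The callback now takes `(url, cert, hostname, tag)`, but two failure paths in `loadCertificate` still call it with three arguments: the `readFile` error branch `if (err) { func(url, null, tag); return; }` and the final `} else { func(url, null, tag); }`. On those paths the caller receives the tag in the hostname slot and `undefined` as the tag, so the failure log would print the domain object as the host. Both should pass `hostname` as the third argument, e.g. `func(url, null, hostname, tag);`. The `console.log('loadCertificate', url, hostname);` at the top looks like a leftover debug print and could be dropped; the function's closing lines are outside the hunk.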
|
||||
|
|
|
@ -862,7 +862,9 @@ function CreateMeshCentralServer(config, args) {
|
|||
|
||||
// Load web certs
|
||||
webCertLoadCount++;
|
||||
obj.certificateOperations.loadCertificate(obj.config.domains[i].certurl, obj.config.domains[i], function (url, cert, xdomain) {
|
||||
var dnsname = obj.config.domains[i].dns;
|
||||
if ((dnsname == null) && (i == '') && (obj.config.settings.cert != null)) { dnsname = obj.config.settings.cert; }
|
||||
obj.certificateOperations.loadCertificate(obj.config.domains[i].certurl, dnsname, obj.config.domains[i], function (url, cert, xhostname, xdomain) {
|
||||
if (cert != null) {
|
||||
// Hash the entire cert
|
||||
var hash = obj.crypto.createHash('sha384').update(Buffer.from(cert, 'binary')).digest('hex');
|
||||
|
@ -875,11 +877,11 @@ function CreateMeshCentralServer(config, args) {
|
|||
//console.log('V1: ' + xdomain.certkeyhash);
|
||||
} catch (ex) { }
|
||||
|
||||
console.log('Loaded web certificate from ' + url);
|
||||
console.log('Loaded web certificate from \"' + url + '\", host: \"' + xhostname + '\"');
|
||||
console.log(' SHA384 cert hash: ' + xdomain.certhash);
|
||||
if (xdomain.certhash != xdomain.certkeyhash) { console.log(' SHA384 key hash: ' + xdomain.certkeyhash); }
|
||||
} else {
|
||||
console.log('Failed to load web certificate at: ' + url);
|
||||
console.log('Failed to load web certificate at: \"' + url + '\", host: \"' + xhostname + '\"');
|
||||
}
|
||||
webCertLoadCount--;
|
||||
if (webCertLoadCount == 0) { obj.StartEx4(); } // Done loading all certificates
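Review bot: Nothing in the callback checks that the certificate it hashes actually belongs to `dnsname`; the fetch in `loadCertificate` runs with `rejectUnauthorized: false`, so the new SNI name only selects which certificate the remote end presents, and whatever comes back is hashed with SHA-384 and, judging by the log lines, kept on `xdomain.certhash`. If that hash is later used as a trust anchor (it looks that way, but that code is outside these hunks), the value is only as good as the network path at startup. A comment above the call would make this explicit, e.g. `// Fetched without chain validation: compare the logged SHA384 hash with the proxy's real certificate out of band.` For `file:` URLs with no `dns` configured the new log line will also print `host: "null"`, which could be skipped when `xhostname == null`. The callback body continues past the end of the second hunk.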
|
||||
|
|