Added support for intermediate CA certs in web server TLS.

2017-09-07 16:01:44 -07:00 · 2017-09-07 16:01:44 -07:00 · 5e00e61d08
parent 4dfc83f09e
commit 5e00e61d08
5 changed files with 17 additions and 5 deletions
--- a/certoperations.js
+++ b/certoperations.js
@ -154,6 +154,19 @@ module.exports.CertificateOperations = function () {
            r.agent = { cert: agentCertificate, key: agentPrivateKey };
            rcount++;
        }
+
+        // If CA certificates are present, load them
+        var caok, caindex = 1, calist = [];
+        do {
+            caok = false;
+            if (obj.fileExists(directory + '/webserver-cert-chain' + caindex + '.crt')) {
+                var caCertificate = obj.fs.readFileSync(directory + '/webserver-cert-chain' + caindex + '.crt', 'utf8');
+                calist.push(caCertificate);
+                caok = true;
+            }
+            caindex++;
+        } while (caok == true);
+        r.calist = calist;
                
        // Decode certificate arguments
        var commonName = 'un-configured', country, organization;
@ -226,7 +239,7 @@ module.exports.CertificateOperations = function () {
            agentPrivateKey = r.agent.key
        }

-        var r = { root: { cert: rootCertificate, key: rootPrivateKey }, web: { cert: webCertificate, key: webPrivateKey }, mps: { cert: mpsCertificate, key: mpsPrivateKey }, agent: { cert: agentCertificate, key: agentPrivateKey }, CommonName: commonName, RootName: rootName };
+        var r = { root: { cert: rootCertificate, key: rootPrivateKey }, web: { cert: webCertificate, key: webPrivateKey }, mps: { cert: mpsCertificate, key: mpsPrivateKey }, agent: { cert: agentCertificate, key: agentPrivateKey }, calist: calist, CommonName: commonName, RootName: rootName };
        if (func != undefined) { func(r); }
        return r;
    }
--- a/meshagent.js
+++ b/meshagent.js
@ -436,7 +436,6 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                case 'iplocation':
                    {
                        // Sent by the agent to update location information
-                        console.log(command);
                        if ((command.type == 'publicip') && (command.value != null) && (typeof command.value == 'object') && (command.value.ip) && (command.value.loc)) {
                            var x = {};
                            x.publicip = command.value.ip;
--- a/meshcentral.js
+++ b/meshcentral.js
@ -299,7 +299,7 @@ function CreateMeshCentralServer() {
                        }

                        // Setup and start the redirection server if needed
-                        if (obj.args.redirport != undefined && typeof obj.args.redirport == 'number') {
+                        if ((obj.args.redirport != undefined) && (typeof obj.args.redirport == 'number') && (obj.args.redirport != 0)) {
                            obj.redirserver = require('./redirserver.js').CreateRedirServer(obj, obj.db, obj.args, obj.certificates);
                        }

--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "meshcentral",
-  "version": "0.0.7-o",
+  "version": "0.0.7-p",
  "keywords": [
    "Remote Management",
    "Intel AMT",
--- a/webserver.js
+++ b/webserver.js
@ -89,7 +89,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
        // Setup the HTTP server with TLS
        //var certOperations = require('./certoperations.js').CertificateOperations();
        //var webServerCert = certOperations.GetWebServerCertificate('./data', 'SampleServer.org', 'US', 'SampleOrg');
-        obj.tlsServer = require('https').createServer({ cert: obj.certificates.web.cert, key: obj.certificates.web.key, rejectUnauthorized: true }, obj.app);
+        obj.tlsServer = require('https').createServer({ cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.calist, rejectUnauthorized: true }, obj.app);
        obj.expressWs = require('express-ws')(obj.app, obj.tlsServer);
    }