From 6e67fc14c4345b416b66f574b9fc1648512ceded Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Tue, 10 Nov 2020 13:24:24 -0800
Subject: [PATCH] Rolled back agent tunnel TLS check.
---
 agents/meshcore.js | 6 +++++-
 meshuser.js | 2 ++
 webserver.js | 2 ++
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/agents/meshcore.js b/agents/meshcore.js
index b3aa78c4..dcf5bd0c 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -780,7 +780,11 @@ function createMeshCore(agent) {
 // Perform manual server TLS certificate checking based on the certificate hash given by the server.
 woptions.rejectUnauthorized = 0;
- woptions.checkServerIdentity = function checkServerIdentity(certs) { if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash != certs[0].fingerprint.split(':').join('').toLowerCase())) { throw new Error('BadCert') } }
+ woptions.checkServerIdentity = function checkServerIdentity(certs) {
+ //sendConsoleText('ca: ' + certs[0].fingerprint.split(':').join('').toLowerCase());
+ //sendConsoleText('cs: ' + checkServerIdentity.servertlshash);
+ if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash != certs[0].fingerprint.split(':').join('').toLowerCase())) { throw new Error('BadCert') }
+ }
 woptions.checkServerIdentity.servertlshash = data.servertlshash;
 //sendConsoleText(JSON.stringify(woptions));
diff --git a/meshuser.js b/meshuser.js
index 0abf78e9..ff5b5a15 100644
--- a/meshuser.js
+++ b/meshuser.js
@@ -1330,10 +1330,12 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 // Add server TLS cert hash
 var tlsCertHash = null;
+ /*
 if (parent.parent.args.ignoreagenthashcheck !== true) {
 tlsCertHash = parent.webCertificateHashs[domain.id];
 if (tlsCertHash != null) { command.servertlshash = Buffer.from(tlsCertHash, 'binary').toString('hex'); }
 }
+ */
 // Add user consent messages
 command.soptions = {};
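Review bot: In the new `checkServerIdentity` body the throw is still gated on `servertlshash != null`, so when the server supplies no hash the callback returns normally while `woptions.rejectUnauthorized = 0` stays set, and no other certificate check is visible in this hunk. Because the meshuser.js and webserver.js hunks of this patch stop sending the hash, that looks like the normal path after this commit rather than an exception. Consider relaxing verification only when a pin is present, e.g. `woptions.rejectUnauthorized = (data.servertlshash != null) ? 0 : 1;` (self-signed deployments may need a config switch for that), or at least state the fail-open behaviour in a comment above the callback. The two commented-out `sendConsoleText` debug lines are better dropped than committed. The enclosing function starts and ends outside the hunk.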
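Review bot: Wrapping the hash block in `/* */` means `command.servertlshash` is never set and the `ignoreagenthashcheck` setting becomes a no-op, with nothing in the code saying why the check is off or when it returns. A comment above the block such as `// TEMPORARY: servertlshash is not sent, so the agent tunnel certificate hash check is skipped; re-enable per <tracking issue>` would keep the disabled control visible to operators and auditors. `var tlsCertHash = null;` is left as an unused local in the lines shown. The same block comment is applied in the webserver.js hunk, where `tlsCertHash` now stays null for the agent download command; how it is consumed there is outside the hunk.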
diff --git a/webserver.js b/webserver.js
index 9514227b..a9d9633a 100644
--- a/webserver.js
+++ b/webserver.js
@@ -3218,10 +3218,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 // Instruct one of more agents to download a URL to a given local drive location.
 var tlsCertHash = null;
+ /*
 if (parent.args.ignoreagenthashcheck !== true) {
 tlsCertHash = obj.webCertificateHashs[cmd.domain.id];
 if (tlsCertHash != null) { tlsCertHash = Buffer.from(tlsCertHash, 'binary').toString('hex'); }
 }
+ */
 for (var i in cmd.nodeids) {
 obj.GetNodeWithRights(cmd.domain, cmd.user, cmd.nodeids[i], function (node, rights, visible) {
 if ((node == null) || ((rights & 8) == 0) || (visible == false)) return; // We don't have remote control rights to this device