Rolled back agent tunnel TLS check.

Ylian Saint-Hilaire 2020-11-10 13:24:24 -08:00
parent a8fd0510de
commit 6e67fc14c4
3 changed files with 9 additions and 1 deletions


@ -780,7 +780,11 @@ function createMeshCore(agent) {
// Perform manual server TLS certificate checking based on the certificate hash given by the server. // Perform manual server TLS certificate checking based on the certificate hash given by the server.
woptions.rejectUnauthorized = 0; woptions.rejectUnauthorized = 0;
woptions.checkServerIdentity = function checkServerIdentity(certs) { if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash != certs[0].fingerprint.split(':').join('').toLowerCase())) { throw new Error('BadCert') } } woptions.checkServerIdentity = function checkServerIdentity(certs) {
//sendConsoleText('ca: ' + certs[0].fingerprint.split(':').join('').toLowerCase());
//sendConsoleText('cs: ' + checkServerIdentity.servertlshash);
if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash != certs[0].fingerprint.split(':').join('').toLowerCase())) { throw new Error('BadCert') }
}
woptions.checkServerIdentity.servertlshash = data.servertlshash; woptions.checkServerIdentity.servertlshash = data.servertlshash;
//sendConsoleText(JSON.stringify(woptions)); //sendConsoleText(JSON.stringify(woptions));
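Review bot: The reformatted `checkServerIdentity` still returns without error whenever `servertlshash` is null, and `woptions.rejectUnauthorized = 0` is set just above it, so a tunnel request that carries no hash gets no server certificate verification at all. The server-side hunks in this commit stop sending the hash, so that unverified path presumably becomes the normal one. I would say so at the function, e.g. `// No servertlshash from the server means the tunnel certificate is NOT verified (rejectUnauthorized is 0).`, and drop the two commented-out `sendConsoleText` debug lines rather than commit them. The enclosing createMeshCore function starts and ends outside the hunk.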


@ -1330,10 +1330,12 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
// Add server TLS cert hash // Add server TLS cert hash
var tlsCertHash = null; var tlsCertHash = null;
/*
if (parent.parent.args.ignoreagenthashcheck !== true) { if (parent.parent.args.ignoreagenthashcheck !== true) {
tlsCertHash = parent.webCertificateHashs[domain.id]; tlsCertHash = parent.webCertificateHashs[domain.id];
if (tlsCertHash != null) { command.servertlshash = Buffer.from(tlsCertHash, 'binary').toString('hex'); } if (tlsCertHash != null) { command.servertlshash = Buffer.from(tlsCertHash, 'binary').toString('hex'); }
} }
*/
// Add user consent messages // Add user consent messages
command.soptions = {}; command.soptions = {};
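Review bot: Wrapping the `ignoreagenthashcheck` block in `/* ... */` leaves `tlsCertHash` null so `command.servertlshash` is never set, and the `ignoreagenthashcheck` setting silently stops having any effect; nothing on the new side says why the block is off or when it comes back. A one-line comment above the block would keep the rollback from becoming permanent by accident, e.g. `// TEMPORARY: agent tunnel TLS hash pinning disabled (rollback); agents skip the server certificate check until this is restored.` The same commented-out block appears in the CreateWebServer hunk, where `tlsCertHash` also stays null for the code that follows (its use is outside the visible lines). Both enclosing functions extend beyond their hunks.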


@ -3218,10 +3218,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Instruct one of more agents to download a URL to a given local drive location. // Instruct one of more agents to download a URL to a given local drive location.
var tlsCertHash = null; var tlsCertHash = null;
/*
if (parent.args.ignoreagenthashcheck !== true) { if (parent.args.ignoreagenthashcheck !== true) {
tlsCertHash = obj.webCertificateHashs[cmd.domain.id]; tlsCertHash = obj.webCertificateHashs[cmd.domain.id];
if (tlsCertHash != null) { tlsCertHash = Buffer.from(tlsCertHash, 'binary').toString('hex'); } if (tlsCertHash != null) { tlsCertHash = Buffer.from(tlsCertHash, 'binary').toString('hex'); }
} }
*/
for (var i in cmd.nodeids) { for (var i in cmd.nodeids) {
obj.GetNodeWithRights(cmd.domain, cmd.user, cmd.nodeids[i], function (node, rights, visible) { obj.GetNodeWithRights(cmd.domain, cmd.user, cmd.nodeids[i], function (node, rights, visible) {
if ((node == null) || ((rights & 8) == 0) || (visible == false)) return; // We don't have remote control rights to this device if ((node == null) || ((rights & 8) == 0) || (visible == false)) return; // We don't have remote control rights to this device