Added correct hostname header when loading reverse proxy certificate.

This commit is contained in:
Ylian Saint-Hilaire 2019-10-29 11:10:57 -07:00
parent a98340cdc7
commit 6f382affde
2 changed files with 13 additions and 9 deletions

View File

@ -195,25 +195,27 @@ module.exports.CertificateOperations = function (parent) {
}
// Return the certificate of the remote HTTPS server
obj.loadCertificate = function (url, tag, func) {
obj.loadCertificate = function (url, hostname, tag, func) {
console.log('loadCertificate', url, hostname);
const u = require('url').parse(url);
if (u.protocol == 'https:') {
// Read the certificate from HTTPS
const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: u.hostname, rejectUnauthorized: false }, function () { this.xxcert = this.getPeerCertificate(); this.end(); });
if (hostname == null) { hostname = u.hostname; }
const tlssocket = obj.tls.connect((u.port ? u.port : 443), u.hostname, { servername: hostname, rejectUnauthorized: false }, function () { this.xxcert = this.getPeerCertificate(); this.end(); });
tlssocket.xxurl = url;
tlssocket.xxfunc = func;
tlssocket.xxtag = tag;
tlssocket.on('end', function () { this.xxfunc(this.xxurl, this.xxcert.raw.toString('binary'), this.xxtag); });
tlssocket.on('error', function () { this.xxfunc(this.xxurl, null, this.xxtag); });
tlssocket.on('end', function () { this.xxfunc(this.xxurl, this.xxcert.raw.toString('binary'), hostname, this.xxtag); });
tlssocket.on('error', function () { this.xxfunc(this.xxurl, null, hostname, this.xxtag); });
} else if (u.protocol == 'file:') {
// Read the certificate from a file
obj.fs.readFile(url.substring(7), 'utf8', function (err, data) {
if (err) { func(url, null, tag); return; }
var x1 = data.indexOf('-----BEGIN CERTIFICATE-----'), x2 = data.indexOf('-----END CERTIFICATE-----');
if ((x1 >= 0) && (x2 > x1)) {
func(url, Buffer.from(data.substring(x1 + 27, x2), 'base64').toString('binary'), tag);
func(url, Buffer.from(data.substring(x1 + 27, x2), 'base64').toString('binary'), hostname, tag);
} else {
func(url, data, tag);
func(url, data, hostname, tag);
}
});
} else { func(url, null, tag); }

View File

@ -862,7 +862,9 @@ function CreateMeshCentralServer(config, args) {
// Load web certs
webCertLoadCount++;
obj.certificateOperations.loadCertificate(obj.config.domains[i].certurl, obj.config.domains[i], function (url, cert, xdomain) {
var dnsname = obj.config.domains[i].dns;
if ((dnsname == null) && (i == '') && (obj.config.settings.cert != null)) { dnsname = obj.config.settings.cert; }
obj.certificateOperations.loadCertificate(obj.config.domains[i].certurl, dnsname, obj.config.domains[i], function (url, cert, xhostname, xdomain) {
if (cert != null) {
// Hash the entire cert
var hash = obj.crypto.createHash('sha384').update(Buffer.from(cert, 'binary')).digest('hex');
@ -875,11 +877,11 @@ function CreateMeshCentralServer(config, args) {
//console.log('V1: ' + xdomain.certkeyhash);
} catch (ex) { }
console.log('Loaded web certificate from ' + url);
console.log('Loaded web certificate from \"' + url + '\", host: \"' + xhostname + '\"');
console.log(' SHA384 cert hash: ' + xdomain.certhash);
if (xdomain.certhash != xdomain.certkeyhash) { console.log(' SHA384 key hash: ' + xdomain.certkeyhash); }
} else {
console.log('Failed to load web certificate at: ' + url);
console.log('Failed to load web certificate at: \"' + url + '\", host: \"' + xhostname + '\"');
}
webCertLoadCount--;
if (webCertLoadCount == 0) { obj.StartEx4(); } // Done loading all certificates