From 81e79019d6124f6004d66052b2b501a1adc78792 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Tue, 29 Oct 2019 16:31:03 -0700
Subject: [PATCH] Reverse proxy improvements.

---
 meshagent.js   |  2 +-
 meshcentral.js | 15 ++++++++-------
 package.json   |  2 +-
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/meshagent.js b/meshagent.js
index 62b781c1..51282ad6 100644
--- a/meshagent.js
+++ b/meshagent.js
@@ -387,7 +387,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                         if (parent.parent.supportsProxyCertificatesRequest !== false) {
                             obj.badWebCert = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64');
                             parent.wsagentsWithBadWebCerts[obj.badWebCert] = obj; // Add this agent to the list of of agents with bad web certificates.
-                            parent.parent.updateProxyCertificates();
+                            parent.parent.updateProxyCertificates(false);
                         }
                         parent.agentStats.agentBadWebCertHashCount++;
                         console.log('Agent bad web cert hash (Agent:' + (Buffer.from(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (Buffer.from(getWebCertHash(domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').');
diff --git a/meshcentral.js b/meshcentral.js
index 4ed6c506..a1ceee15 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -862,7 +862,7 @@ function CreateMeshCentralServer(config, args) {
             }
         }
 
-        if (obj.supportsProxyCertificatesRequest == true) { obj.updateProxyCertificates(); }
+        if (obj.supportsProxyCertificatesRequest == true) { obj.updateProxyCertificates(true); }
         obj.StartEx4(); // Keep going
     }
 
@@ -1022,14 +1022,15 @@ function CreateMeshCentralServer(config, args) {
     obj.pendingProxyCertificatesRequests = 0;
     obj.lastProxyCertificatesRequest = null;
     obj.supportsProxyCertificatesRequest = false;
-    obj.updateProxyCertificates = function () {
-        var i;
-        if ((obj.pendingProxyCertificatesRequests > 0) || (obj.supportsProxyCertificatesRequest == false)) { return; }
-        if ((obj.lastProxyCertificatesRequest != null) && ((Date.now() - obj.lastProxyCertificatesRequest) < 120000)) { return; } // Don't allow this call more than every 2 minutes.
-        obj.lastProxyCertificatesRequest = Date.now();
+    obj.updateProxyCertificates = function (force) {
+        if (force !== true) {
+            if ((obj.pendingProxyCertificatesRequests > 0) || (obj.supportsProxyCertificatesRequest == false)) return;
+            if ((obj.lastProxyCertificatesRequest != null) && ((Date.now() - obj.lastProxyCertificatesRequest) < 120000)) return; // Don't allow this call more than every 2 minutes.
+            obj.lastProxyCertificatesRequest = Date.now();
+        }
 
         // Load any domain web certificates
-        for (i in obj.config.domains) {
+        for (var i in obj.config.domains) {
             if (obj.config.domains[i].certurl != null) {
                 // Load web certs
                 obj.pendingProxyCertificatesRequests++;
diff --git a/package.json b/package.json
index 4484ed1f..f65aa6eb 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "meshcentral",
-  "version": "0.4.3-p",
+  "version": "0.4.3-q",
   "keywords": [
     "Remote Management",
     "Intel AMT",