mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-11 23:13:21 -05:00
Added ECDSA support in server and Windows and Linux agents.
parent
fb48cb3945
commit
af8e3f6fc8
@ -171,6 +171,7 @@
|
||||
<Content Include="public\images\mapmarker.png" />
|
||||
<Content Include="public\images\meshicon50.png" />
|
||||
<Content Include="public\images\trash.png" />
|
||||
<Content Include="public\messenger.htm" />
|
||||
<Content Include="public\scriptblocks.txt" />
|
||||
<Content Include="public\sounds\chimes.mp3" />
|
||||
<Content Include="public\styles\font-awesome\css\font-awesome.min.css" />
|
||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -198,7 +198,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
||||
obj.receivedCommands += 1; // Agent can't send the same command twice on the same connection ever. Block DOS attack path.
|
||||
|
||||
// Check that the server hash matches our own web certificate hash (SHA384)
|
||||
if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent connected with bad web certificate hash (Agent:' + (new Buffer(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; }
|
||||
if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent bad web cert hash (Agent:' + (new Buffer(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; }
|
||||
|
||||
// Use our server private key to sign the ServerHash + AgentNonce + ServerNonce
|
||||
obj.agentnonce = msg.substring(50, 98);
|
||||
|
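Review bot: Nothing visible in this hunk checks the message length before `msg.substring(2, 50)` and `obj.agentnonce = msg.substring(50, 98)` are taken, so a message shorter than 98 characters that carries a matching certificate hash would leave `obj.agentnonce` truncated or empty. The web certificate hash is public, so this comparison alone does not keep such a message out of the signing step described in the next comment. If no earlier guard exists, add `if (msg.length < 98) return;` ahead of the hash comparison. The rewritten log line also still uses the deprecated `new Buffer(..., 'binary')`, while this same commit uses `Buffer.from(cert, 'binary')` for the certificate hash in CreateMeshCentralServer, so `Buffer.from(msg.substring(2, 50), 'binary')` would keep the two consistent. The handler's body starts and ends outside the hunk.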
@ -419,7 +419,7 @@ function CreateMeshCentralServer(config, args) {
|
||||
obj.certificateOperations.loadCertificate(obj.config.domains[i].certurl, obj.config.domains[i], function (url, cert, xdomain) {
|
||||
if (cert != null) {
|
||||
// Hash the entire cert
|
||||
var hash = obj.crypto.createHash('sha384').update(cert).digest('hex');
|
||||
var hash = obj.crypto.createHash('sha384').update(Buffer.from(cert, 'binary')).digest('hex');
|
||||
if (xdomain.certhash != hash) {
|
||||
xdomain.certkeyhash = hash;
|
||||
xdomain.certhash = hash;
|
||||
@ -429,7 +429,7 @@ function CreateMeshCentralServer(config, args) {
|
||||
// Decode a RSA certificate and hash the public key, if this is not RSA, skip this.
|
||||
var forgeCert = obj.certificateOperations.forge.pki.certificateFromAsn1(obj.certificateOperations.forge.asn1.fromDer(cert));
|
||||
xdomain.certkeyhash = obj.certificateOperations.forge.pki.getPublicKeyFingerprint(forgeCert.publicKey, { md: obj.certificateOperations.forge.md.sha384.create(), encoding: 'hex' });
|
||||
console.log('V1: ' + xdomain.certkeyhash);
|
||||
//console.log('V1: ' + xdomain.certkeyhash);
|
||||
} catch (ex) { }
|
||||
|
||||
console.log('Loaded web certificate from ' + url);
|
||||
|
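Review bot: The `catch (ex) { }` around the forge public-key fingerprint in the second hunk swallows every exception, and with the `V1:` print now commented out nothing records whether `xdomain.certkeyhash` came from the key fingerprint or kept the value assigned in the first hunk (`xdomain.certkeyhash = hash;`, which looks like the full-certificate hash). The comment says non-RSA certificates are expected to be skipped, but a malformed or unexpected certificate takes the same silent path, and agents are checked against these hashes. I would log the fallback, for example `} catch (ex) { console.log('Web certificate key hash not computed for ' + url + ': ' + ex); }`, and delete the commented-out `//console.log('V1: ...')` line rather than keep it. The callback's body continues outside both hunks, so any handling further down is not visible here.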
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.2.3-y",
|
||||
"version": "0.2.4-a",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long