mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-01-13 16:03:20 -05:00
Improved Intel AMT ACM certificate matching.
This commit is contained in:
parent
adf2a382ae
commit
bafad4310b
@ -2003,7 +2003,7 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
// Find a matching certificate
|
// Find a matching certificate
|
||||||
for (var i in activationCerts) {
|
for (var i in activationCerts) {
|
||||||
var cert = activationCerts[i];
|
var cert = activationCerts[i];
|
||||||
if ((cert.cn == '*') || (cert.cn == trustedFqdn)) {
|
if ((cert.cn == '*') || checkAcmActivationCertName(cert.cn, trustedFqdn)) {
|
||||||
for (var j in deviceHashes) {
|
for (var j in deviceHashes) {
|
||||||
var hashInfo = deviceHashes[j];
|
var hashInfo = deviceHashes[j];
|
||||||
if ((hashInfo != null) && (hashInfo.isActive == 1)) {
|
if ((hashInfo != null) && (hashInfo.isActive == 1)) {
|
||||||
@ -2016,6 +2016,14 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
return null; // Did not find a match
|
return null; // Did not find a match
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Return true if the trusted FQDN matched the certificate common name
|
||||||
|
function checkAcmActivationCertName(commonName, trustedFqdn) {
|
||||||
|
commonName = commonName.toLowerCase();
|
||||||
|
trustedFqdn = trustedFqdn.toLowerCase();
|
||||||
|
if (commonName.startsWith('*.') && (commonName.length > 2)) { commonName = commonName.substring(2); }
|
||||||
|
return ((commonName == trustedFqdn) || (trustedFqdn.endsWith('.' + commonName)));
|
||||||
|
}
|
||||||
|
|
||||||
// Attempt Intel AMT TLS ACM activation
|
// Attempt Intel AMT TLS ACM activation
|
||||||
function activateIntelAmtTlsAcm(dev, password, acminfo) {
|
function activateIntelAmtTlsAcm(dev, password, acminfo) {
|
||||||
// Check if MeshAgent/MeshCMD can support the startConfigurationhostB() call.
|
// Check if MeshAgent/MeshCMD can support the startConfigurationhostB() call.
|
||||||
|
Loading…
Reference in New Issue
Block a user