MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-12-26 07:05:52 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improved Intel AMT ACM certificate matching.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2021-07-01 15:20:39 -07:00
parent adf2a382ae
commit bafad4310b
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
amtmanager.js
View File

@ -2003,7 +2003,7 @@ module.exports.CreateAmtManager = function (parent) {
// Find a matching certificate // Find a matching certificate
for (var i in activationCerts) { for (var i in activationCerts) {
var cert = activationCerts[i]; var cert = activationCerts[i];
if ((cert.cn == '*') || (cert.cn == trustedFqdn)) { if ((cert.cn == '*') || checkAcmActivationCertName(cert.cn, trustedFqdn)) {
for (var j in deviceHashes) { for (var j in deviceHashes) {
var hashInfo = deviceHashes[j]; var hashInfo = deviceHashes[j];
if ((hashInfo != null) && (hashInfo.isActive == 1)) { if ((hashInfo != null) && (hashInfo.isActive == 1)) {
@ -2016,6 +2016,14 @@ module.exports.CreateAmtManager = function (parent) {
return null; // Did not find a match return null; // Did not find a match
} }
// Return true if the trusted FQDN matched the certificate common name
function checkAcmActivationCertName(commonName, trustedFqdn) {
commonName = commonName.toLowerCase();
trustedFqdn = trustedFqdn.toLowerCase();
if (commonName.startsWith('*.') && (commonName.length > 2)) { commonName = commonName.substring(2); }
return ((commonName == trustedFqdn) || (trustedFqdn.endsWith('.' + commonName)));
}
// Attempt Intel AMT TLS ACM activation // Attempt Intel AMT TLS ACM activation
function activateIntelAmtTlsAcm(dev, password, acminfo) { function activateIntelAmtTlsAcm(dev, password, acminfo) {
// Check if MeshAgent/MeshCMD can support the startConfigurationhostB() call. // Check if MeshAgent/MeshCMD can support the startConfigurationhostB() call.