From dc75589bd30f05be81f148ae6ea7b0608ddba2ab Mon Sep 17 00:00:00 2001
From: Noah Zalev
Date: Fri, 30 Apr 2021 23:16:48 -0400
Subject: [PATCH] Added selfsigned cert support to mysql/mariadb ssl
---
 db.js | 9 +++++++++
 meshcentral-config-schema.json | 22 ++++++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/db.js b/db.js
index 90704fe0..26554b3a 100644
--- a/db.js
+++ b/db.js
@@ -446,6 +446,15 @@ module.exports.CreateDB = function (parent, func) {
 var connectionObject = Clone(connectinArgs);
 delete connectionObject.database;

+ try {
+ if (connectinArgs.ssl.cacertpath) { connectionObject.ssl.ca = [require('fs').readFileSync(connectinArgs.ssl.cacertpath, 'utf8')]; }
+ if (connectinArgs.ssl.clientcertpath) { connectionObject.ssl.cert = [require('fs').readFileSync(connectinArgs.ssl.clientcertpath, 'utf8')]; }
+ if (connectinArgs.ssl.clientkeypath) { connectionObject.ssl.key = [require('fs').readFileSync(connectinArgs.ssl.clientkeypath, 'utf8')]; }
+ } catch (ex) {
+ console.log('Error loading SQL Connector certificate: ' + ex);
+ process.exit();
+ }
+
 if (parent.args.mariadb) {
 // Use MariaDB
 obj.databaseType = 4;
diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index d37f283b..110a3e9b 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
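Review bot: In the db.js hunk the added `try` block reads `connectinArgs.ssl.cacertpath` without checking that `ssl` is set, so a MySQL/MariaDB configuration with no `ssl` key throws a TypeError there, which the `catch` reports as a certificate load error before the process exits. Guard the three reads with `if (connectinArgs.ssl && typeof connectinArgs.ssl == 'object') { ... }`, which also covers the documented `ssl: true` form. `process.exit()` with no argument exits with status 0, so a service manager sees a clean stop; `process.exit(1)` makes the failed start visible. Stopping when a configured CA, certificate or key file cannot be read is the right outcome for the TLS path, since it avoids connecting without the intended trust anchor. The enclosing function starts and ends outside the hunk.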
@@ -21,7 +21,16 @@
 "port": { "type": "number", "description": "MariaDB port number" },
 "password": { "type": "string", "description": "MariaDB password" },
 "connectionLimit": { "type": "number", "description": "MariaDB connection limit" },
- "database": { "type": "string", "default": "meshcentral", "description": "Name of MariaDB database used" }
+ "database": { "type": "string", "default": "meshcentral", "description": "Name of MariaDB database used" },
+ "ssl": {
+ "type": "object",
+ "description": "SSL Options. Set to true (boolean) for default options.",
+ "properties": {
+ "caCertPath": { "type": "string", "description": "Absolute path to the CA certificate. Required for self-signed certificates" },
+ "clientCertPath": { "type": "string", "description": "Absolute path to the client certificate. Required for two-way SSL Authentication" },
+ "clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" }
+ }
+ }
 }
 },
 "mySQL": {
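Review bot: The `ssl` description says "Set to true (boolean) for default options", but `"type": "object"` makes a schema validator reject `"ssl": true`; if the boolean form is meant to stay valid, declare `"type": ["object", "boolean"]`. The same applies to the `mySQL` hunk that follows. The property names are camelCase here (`caCertPath`, `clientCertPath`, `clientKeyPath`) while db.js reads `ssl.cacertpath`, `ssl.clientcertpath` and `ssl.clientkeypath`; that only works if configuration keys are lowercased when loaded, which this patch does not show, so it is worth confirming.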
@@ -32,7 +41,16 @@
 "port": { "type": "number", "description": "MySQL port number" },
 "user": { "type": "string", "description": "MySQL username" },
 "password": { "type": "string", "description": "MySQL password" },
- "database": { "type": "string", "default": "meshcentral", "description": "Name of MySQL database used" }
+ "database": { "type": "string", "default": "meshcentral", "description": "Name of MySQL database used" },
+ "ssl": {
+ "type": "object",
+ "description": "SSL Options. Set to true (boolean) for default options.",
+ "properties": {
+ "caCertPath": { "type": "string", "description": "Absolute path to the CA certificate. Required for self-signed certificates" },
+ "clientCertPath": { "type": "string", "description": "Absolute path to the client certificate. Required for two-way SSL Authentication" },
+ "clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" }
+ }
+ }
 }
 },
 "WANonly": { "type": "boolean", "default": false, "description": "When enabled, only MeshCentral WAN features are enabled and agents will connect to the server using a well known DNS name." },