mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-27 16:02:16 +03:00
Fixed Intel AMT ACM certificate matching bug, #2805.
This commit is contained in:
parent
47a8952c19
commit
37418ba6e0
@ -49,7 +49,7 @@ module.exports.CertificateOperations = function (parent) {
|
|||||||
if ((certEntry.sha256 == hash) && ((certEntry.cn == '*') || checkAcmActivationCertName(certEntry.cn, fqdn))) { hashAlgo = 'sha256'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
if ((certEntry.sha256 == hash) && ((certEntry.cn == '*') || checkAcmActivationCertName(certEntry.cn, fqdn))) { hashAlgo = 'sha256'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
||||||
if ((certEntry.sha1 == hash) && ((certEntry.cn == '*') || checkAcmActivationCertName(certEntry.cn, fqdn))) { hashAlgo = 'sha1'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
if ((certEntry.sha1 == hash) && ((certEntry.cn == '*') || checkAcmActivationCertName(certEntry.cn, fqdn))) { hashAlgo = 'sha1'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
||||||
}
|
}
|
||||||
if (signkey == null) return { action: 'acmactivate', error: 2, errorText: "No signing certificate found." }; // Did not find a match.
|
if (signkey == null) return { action: 'acmactivate', error: 2, errorText: "Can't create ACM cert chain, no signing certificate found." }; // Did not find a match.
|
||||||
|
|
||||||
// If the matching certificate our wildcard root cert, we can use the root to match any FQDN
|
// If the matching certificate our wildcard root cert, we can use the root to match any FQDN
|
||||||
if (domain.amtacmactivation.certs[certIndex].cn == '*') {
|
if (domain.amtacmactivation.certs[certIndex].cn == '*') {
|
||||||
@ -86,10 +86,10 @@ module.exports.CertificateOperations = function (parent) {
|
|||||||
var signkey = null, certChain = null, hashAlgo = null, certIndex = null;
|
var signkey = null, certChain = null, hashAlgo = null, certIndex = null;
|
||||||
for (var i in domain.amtacmactivation.certs) {
|
for (var i in domain.amtacmactivation.certs) {
|
||||||
const certEntry = domain.amtacmactivation.certs[i];
|
const certEntry = domain.amtacmactivation.certs[i];
|
||||||
if ((certEntry.sha256 == request.hash) && ((certEntry.cn == '*') || (certEntry.cn == request.fqdn))) { hashAlgo = 'sha256'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
if ((certEntry.sha256 == request.hash) && ((certEntry.cn == '*') || checkAcmActivationCertName(certEntry.cn, request.fqdn))) { hashAlgo = 'sha256'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
||||||
if ((certEntry.sha1 == request.hash) && ((certEntry.cn == '*') || (certEntry.cn == request.fqdn))) { hashAlgo = 'sha1'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
if ((certEntry.sha1 == request.hash) && ((certEntry.cn == '*') || checkAcmActivationCertName(certEntry.cn, request.fqdn))) { hashAlgo = 'sha1'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
|
||||||
}
|
}
|
||||||
if (signkey == null) return { 'action': 'acmactivate', 'error': 2, 'errorText': "No signing certificate found." }; // Did not find a match.
|
if (signkey == null) return { 'action': 'acmactivate', 'error': 2, 'errorText': "Can't sign ACM request, no signing certificate found (2)." }; // Did not find a match.
|
||||||
|
|
||||||
// If the matching certificate our wildcard root cert, we can use the root to match any FQDN
|
// If the matching certificate our wildcard root cert, we can use the root to match any FQDN
|
||||||
if (domain.amtacmactivation.certs[certIndex].cn == '*') {
|
if (domain.amtacmactivation.certs[certIndex].cn == '*') {
|
||||||
|
Loading…
Reference in New Issue
Block a user