Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-11-23 22:57:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2577 from nzalev/mysql/mariadb-ssl-support

Browse Source 
Mysql/mariadb ssl support - additional options
This commit is contained in:
Ylian Saint-Hilaire 2021-05-02 20:20:53 -07:00 committed by GitHub
commit b2dbcae527
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
db.js
View File

@ -486,6 +486,7 @@ module.exports.CreateDB = function (parent, func) {
try {
if (connectinArgs.ssl) {
if (connectinArgs.ssl.dontcheckserveridentity == true) { connectionObject.ssl.checkServerIdentity = function(name, cert) { return undefined; } };
if (connectinArgs.ssl.cacertpath) { connectionObject.ssl.ca = [require('fs').readFileSync(connectinArgs.ssl.cacertpath, 'utf8')]; }
if (connectinArgs.ssl.clientcertpath) { connectionObject.ssl.cert = [require('fs').readFileSync(connectinArgs.ssl.clientcertpath, 'utf8')]; }
if (connectinArgs.ssl.clientkeypath) { connectionObject.ssl.key = [require('fs').readFileSync(connectinArgs.ssl.clientkeypath, 'utf8')]; }
@ -1620,12 +1621,19 @@ module.exports.CreateDB = function (parent, func) {
if (obj.databaseType == 4) {
if (props.ssl) {
sslOptions = ' --ssl';
if (props.ssl.cacertpath) sslOptions = ' --ssl-verify-server-cert --ssl-ca=' + props.ssl.cacertpath;
if (props.ssl.cacertpath) sslOptions = ' --ssl-ca=' + props.ssl.cacertpath;
if (props.ssl.dontcheckserveridentity != true) sslOptions += ' --ssl-verify-server-cert';
if (props.ssl.clientcertpath) sslOptions += ' --ssl-cert=' + props.ssl.clientcertpath;
if (props.ssl.clientkeypath) sslOptions += ' --ssl-key=' + props.ssl.clientkeypath;
}
} else {
if (props.ssl) {
sslOptions = ' --ssl-mode=required';
if (props.ssl.cacertpath) sslOptions = ' --ssl-mode=verify_identity --ssl-ca=' + props.ssl.cacertpath;
if (props.ssl.cacertpath) sslOptions = ' --ssl-ca=' + props.ssl.cacertpath;
if (props.ssl.dontcheckserveridentity != true) sslOptions += ' --ssl-mode=verify_identity';
else sslOptions += ' --ssl-mode=required';
if (props.ssl.clientcertpath) sslOptions += ' --ssl-cert=' + props.ssl.clientcertpath;
if (props.ssl.clientkeypath) sslOptions += ' --ssl-key=' + props.ssl.clientkeypath;
}
}
cmd += sslOptions;

6
meshcentral-config-schema.json
View File

@ -28,7 +28,8 @@
"properties": {
"caCertPath": { "type": "string", "description": "Absolute path to the CA certificate. Required for self-signed certificates" },
"clientCertPath": { "type": "string", "description": "Absolute path to the client certificate. Required for two-way SSL Authentication" },
"clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" }
"clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" },
"dontCheckServerIdentity": { "type": "boolean", "description": "Set true to not check the server hostname during verification" }
}
}
}
@ -48,7 +49,8 @@
"properties": {
"caCertPath": { "type": "string", "description": "Absolute path to the CA certificate. Required for self-signed certificates" },
"clientCertPath": { "type": "string", "description": "Absolute path to the client certificate. Required for two-way SSL Authentication" },
"clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" }
"clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" },
"dontCheckServerIdentity": { "type": "boolean", "description": "Set true to not check the server hostname during verification" }
}
}
}