From 8179777f7359049f462ac35b5a2b5964121d8ae0 Mon Sep 17 00:00:00 2001
From: Noah Zalev
Date: Sun, 2 May 2021 14:43:55 -0400
Subject: [PATCH 1/2] Add 2-way auth options to mysqldump
---
 db.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/db.js b/db.js
index 00b67a82..3eea4466 100644
--- a/db.js
+++ b/db.js
@@ -1621,11 +1621,15 @@ module.exports.CreateDB = function (parent, func) {
 if (props.ssl) {
 sslOptions = ' --ssl';
 if (props.ssl.cacertpath) sslOptions = ' --ssl-verify-server-cert --ssl-ca=' + props.ssl.cacertpath;
+ if (props.ssl.clientcertpath) sslOptions += ' --ssl-cert=' + props.ssl.clientcertpath;
+ if (props.ssl.clientkeypath) sslOptions += ' --ssl-key=' + props.ssl.clientkeypath;
 }
 } else {
 if (props.ssl) {
 sslOptions = ' --ssl-mode=required';
 if (props.ssl.cacertpath) sslOptions = ' --ssl-mode=verify_identity --ssl-ca=' + props.ssl.cacertpath;
+ if (props.ssl.clientcertpath) sslOptions += ' --ssl-cert=' + props.ssl.clientcertpath;
+ if (props.ssl.clientkeypath) sslOptions += ' --ssl-key=' + props.ssl.clientkeypath;
 }
 }
 cmd += sslOptions;
From 2f5c5d9b03fdd395222185db70ee22d69b335b16 Mon Sep 17 00:00:00 2001
From: Noah Zalev
Date: Sun, 2 May 2021 15:30:38 -0400
Subject: [PATCH 2/2] Added addition ssl options
---
 db.js | 8 ++++++--
 meshcentral-config-schema.json | 6 ++++--
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/db.js b/db.js
index 3eea4466..5ce08dcd 100644
--- a/db.js
+++ b/db.js
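Review bot: The added `--ssl-cert=` and `--ssl-key=` options in the `@@ -1621,11 +1621,15 @@` hunk (both the `--ssl` and the `--ssl-mode` branch) splice `props.ssl.clientcertpath` and `props.ssl.clientkeypath` into the mysqldump command string unquoted, so a path containing a space or a shell metacharacter splits or alters the command; the existing `--ssl-ca=` line has the same shape. How `cmd` is executed is outside the hunk, but if it goes through a shell, the robust fix is to build an argument array and run it with `child_process.execFile` so no shell parsing happens; as a minimum, quote each path, e.g. `sslOptions += ' --ssl-cert="' + props.ssl.clientcertpath + '"';`. The same lines recur as context in the `@@ -1620,14 +1621,17 @@` hunk of PATCH 2/2. The enclosing block starts and ends outside the hunk.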
@@ -486,6 +486,7 @@ module.exports.CreateDB = function (parent, func) {
 try {
 if (connectinArgs.ssl) {
+ if (connectinArgs.ssl.dontcheckserveridentity == true) { connectionObject.ssl.checkServerIdentity = function(name, cert) { return undefined; } };
 if (connectinArgs.ssl.cacertpath) { connectionObject.ssl.ca = [require('fs').readFileSync(connectinArgs.ssl.cacertpath, 'utf8')]; }
 if (connectinArgs.ssl.clientcertpath) { connectionObject.ssl.cert = [require('fs').readFileSync(connectinArgs.ssl.clientcertpath, 'utf8')]; }
 if (connectinArgs.ssl.clientkeypath) { connectionObject.ssl.key = [require('fs').readFileSync(connectinArgs.ssl.clientkeypath, 'utf8')]; }
@@ -1620,14 +1621,17 @@ module.exports.CreateDB = function (parent, func) {
 if (obj.databaseType == 4) {
 if (props.ssl) {
 sslOptions = ' --ssl';
- if (props.ssl.cacertpath) sslOptions = ' --ssl-verify-server-cert --ssl-ca=' + props.ssl.cacertpath;
+ if (props.ssl.cacertpath) sslOptions = ' --ssl-ca=' + props.ssl.cacertpath;
+ if (props.ssl.dontcheckserveridentity != true) sslOptions += ' --ssl-verify-server-cert';
 if (props.ssl.clientcertpath) sslOptions += ' --ssl-cert=' + props.ssl.clientcertpath;
 if (props.ssl.clientkeypath) sslOptions += ' --ssl-key=' + props.ssl.clientkeypath;
 }
 } else {
 if (props.ssl) {
 sslOptions = ' --ssl-mode=required';
- if (props.ssl.cacertpath) sslOptions = ' --ssl-mode=verify_identity --ssl-ca=' + props.ssl.cacertpath;
+ if (props.ssl.cacertpath) sslOptions = ' --ssl-ca=' + props.ssl.cacertpath;
+ if (props.ssl.dontcheckserveridentity != true) sslOptions += ' --ssl-mode=verify_identity';
+ else sslOptions += ' --ssl-mode=required';
 if (props.ssl.clientcertpath) sslOptions += ' --ssl-cert=' + props.ssl.clientcertpath;
 if (props.ssl.clientkeypath) sslOptions += ' --ssl-key=' + props.ssl.clientkeypath;
 }
diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 110a3e9b..d26ee2a1 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
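Review bot: In the `@@ -486,6 +486,7 @@` hunk, setting `dontcheckserveridentity` replaces `checkServerIdentity` with a function that always returns `undefined`, which switches off hostname matching for connections made with this object, and nothing records that it happened. The loose `== true` also accepts `1`, while the schema declares a boolean; `=== true` keeps the opt-out explicit. I would add a comment saying that only the peer-name check is skipped (chain validation presumably still applies if `rejectUnauthorized` is left at its default elsewhere) and log it at startup, e.g. `console.log('WARNING: database TLS hostname verification is disabled (dontCheckServerIdentity).');`. The assignment also assumes `connectionObject.ssl` is already an object; where it is initialised, and the `catch` for this `try`, are outside the hunk.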
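Review bot: In the `--ssl-mode` branch of the `@@ -1620,14 +1621,17 @@` hunk, `else sslOptions += ' --ssl-mode=required';` makes `dontcheckserveridentity: true` drop server certificate verification for mysqldump altogether, because `required` only demands encryption and does not validate against the `--ssl-ca` file, whereas the schema describes the option as skipping only the hostname check. When a CA path is configured the fallback should stay at chain verification, e.g. `else sslOptions += (props.ssl.cacertpath ? ' --ssl-mode=verify_ca' : ' --ssl-mode=required');`. Separately, when no `cacertpath` is set the initial `' --ssl-mode=required'` is kept and a second `--ssl-mode=` is appended, so the flag is emitted twice. Installs that set `props.ssl` without a CA now get `verify_identity` / `--ssl-verify-server-cert` by default, which is stricter than before but will presumably fail against a self-signed server certificate, so it deserves a release note. Whether the `--ssl` (databaseType 4) branch still validates the chain once `--ssl-verify-server-cert` is omitted should be confirmed against the client version in use.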
@@ -28,7 +28,8 @@
 "properties": {
 "caCertPath": { "type": "string", "description": "Absolute path to the CA certificate. Required for self-signed certificates" },
 "clientCertPath": { "type": "string", "description": "Absolute path to the client certificate. Required for two-way SSL Authentication" },
- "clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" }
+ "clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" },
+ "dontCheckServerIdentity": { "type": "boolean", "description": "Set true to not check the server hostname during verification" }
 }
 }
 }
@@ -48,7 +49,8 @@
 "properties": {
 "caCertPath": { "type": "string", "description": "Absolute path to the CA certificate. Required for self-signed certificates" },
 "clientCertPath": { "type": "string", "description": "Absolute path to the client certificate. Required for two-way SSL Authentication" },
- "clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" }
+ "clientKeyPath": { "type": "string", "description": "Absolute path to the client key. Required for two-way SSL Authentication" },
+ "dontCheckServerIdentity": { "type": "boolean", "description": "Set true to not check the server hostname during verification" }
 }
 }
 }
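Review bot: The new `dontCheckServerIdentity` entry (in the `@@ -28,7 +28,8 @@` hunk and again in `@@ -48,7 +49,8 @@`) states neither its default nor what is given up by enabling it. I would add `"default": false` and reword the description along the lines of `"Set true to skip matching the server hostname against its certificate. This weakens protection against server impersonation; leave false unless the certificate name cannot match."`. The text also promises less than db.js currently does: on the mysqldump path the option selects `--ssl-mode=required`, which skips certificate verification rather than only the hostname check, so either the code or this description should change.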