Cert check simplification and UI session fix.

spirelab · Jun 9, 2021 · 50abd95 · 50abd95
1 parent 13f9f27
commit 50abd95
Show file tree

Hide file tree

Showing 82 changed files with 11 additions and 89 deletions.
diff --git a/agents/MeshCentralAssistant.exe b/agents/MeshCentralAssistant.exe
diff --git a/agents/MeshCentralRouter.exe b/agents/MeshCentralRouter.exe
diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe
diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe
diff --git a/agents/meshcore.js b/agents/meshcore.js
@@ -858,15 +858,12 @@ function handleServerCommand(data) {
                                     try { sendConsoleText("control-fingerprint: " + require('MeshAgent').ServerInfo.ControlChannelCertificate.fingerprint); } catch (ex) { sendConsoleText(ex); }
                                     */
 
+                                    // Check if this is an old agent, no certificate checks are possible in this situation. Display a warning.
+                                    if ((require('MeshAgent').ServerInfo == null) || (require('MeshAgent').ServerInfo.ControlChannelCertificate == null) || (certs[0].digest == null)) { sendAgentMessage("This agent is using insecure tunnels, consider updating.", 3, 119, true); return; }
+
                                     // If the tunnel certificate matches the control channel certificate, accept the connection
-                                    var noErrors = true;
-                                    try { if (require('MeshAgent').ServerInfo.ControlChannelCertificate.digest == certs[0].digest) return; } catch (ex) { noErrors = false; }
-                                    try { if (require('MeshAgent').ServerInfo.ControlChannelCertificate.fingerprint == certs[0].fingerprint) return; } catch (ex) { noErrors = false; }
-                                    if (certs[0].digest == null || noErrors == true)
-                                    {
-                                        sendAgentMessage("This agent is using insecure tunnels, consider updating.", 3, 119, true);
-                                        return;
-                                    }
+                                    if (require('MeshAgent').ServerInfo.ControlChannelCertificate.digest == certs[0].digest) return; // Control channel certificate matches using full cert hash
+                                    if ((certs[0].fingerprint != null) && (require('MeshAgent').ServerInfo.ControlChannelCertificate.fingerprint == certs[0].fingerprint)) return; // Control channel certificate matches using public key hash
 
                                     // Check that the certificate is the one expected by the server, fail if not.
                                     if ((checkServerIdentity.servertlshash != null) && (checkServerIdentity.servertlshash.toLowerCase() != certs[0].digest.split(':').join('').toLowerCase())) { throw new Error('BadCert') }
@@ -4472,7 +4469,7 @@ function handleServerConnection(state)
         }
         else if (global._MSH == null)
         {
-            sendAgentMessage("This agent is outdated, consider updating.", 3, 120);
+            sendAgentMessage("This is an old agent version, consider updating.", 3, 117);
         }
 
         var oldNodeId = db.Get('OldNodeId');

diff --git a/emails/translations/account-check-min_cs.html b/emails/translations/account-check-min_cs.html
diff --git a/emails/translations/account-check-min_de.html b/emails/translations/account-check-min_de.html
diff --git a/emails/translations/account-check-min_es.html b/emails/translations/account-check-min_es.html
diff --git a/emails/translations/account-check-min_fi.html b/emails/translations/account-check-min_fi.html
diff --git a/emails/translations/account-check-min_fr.html b/emails/translations/account-check-min_fr.html
diff --git a/emails/translations/account-check-min_hi.html b/emails/translations/account-check-min_hi.html
diff --git a/emails/translations/account-check-min_it.html b/emails/translations/account-check-min_it.html
diff --git a/emails/translations/account-check-min_ja.html b/emails/translations/account-check-min_ja.html
diff --git a/emails/translations/account-check-min_ko.html b/emails/translations/account-check-min_ko.html
diff --git a/emails/translations/account-check-min_nl.html b/emails/translations/account-check-min_nl.html
diff --git a/emails/translations/account-check-min_pt.html b/emails/translations/account-check-min_pt.html
diff --git a/emails/translations/account-check-min_ru.html b/emails/translations/account-check-min_ru.html
diff --git a/emails/translations/account-check-min_tr.html b/emails/translations/account-check-min_tr.html
diff --git a/emails/translations/account-check-min_zh-chs.html b/emails/translations/account-check-min_zh-chs.html
diff --git a/emails/translations/account-check-min_zh-cht.html b/emails/translations/account-check-min_zh-cht.html
diff --git a/emails/translations/account-invite-min_cs.html b/emails/translations/account-invite-min_cs.html
diff --git a/emails/translations/account-invite-min_de.html b/emails/translations/account-invite-min_de.html
diff --git a/emails/translations/account-invite-min_es.html b/emails/translations/account-invite-min_es.html
diff --git a/emails/translations/account-invite-min_fi.html b/emails/translations/account-invite-min_fi.html
diff --git a/emails/translations/account-invite-min_fr.html b/emails/translations/account-invite-min_fr.html
diff --git a/emails/translations/account-invite-min_hi.html b/emails/translations/account-invite-min_hi.html
diff --git a/emails/translations/account-invite-min_it.html b/emails/translations/account-invite-min_it.html
diff --git a/emails/translations/account-invite-min_ja.html b/emails/translations/account-invite-min_ja.html