Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

configure cert trust #284

Closed
wants to merge 2 commits into from
Closed

configure cert trust #284

wants to merge 2 commits into from

Conversation

qrkourier
Copy link
Member

fixes #283

@qrkourier qrkourier marked this pull request as ready for review March 28, 2024 04:38
@qrkourier qrkourier requested review from a team as code owners March 28, 2024 04:38
qrkourier
qrkourier commented Mar 28, 2024
View reviewed changes
server.js
@@ -45,9 +45,9 @@ const __html = '/dist/ziti-console-lib/assets/html';

const loadModule = async (modulePath) => {
try {
return await import(modulePath)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for consistency

server.js
@@ -181,7 +181,8 @@ var bindIP = initial.bindIP;
var portTLS = initial.portTLS;
var updateSettings = initial.update;
var settingsPath = initial.location;
var rejectUnauthorized = false;
var rejectUnauthorized = initial.rejectUnauthorized;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

finish implementing rejectUnauthorized (require verifiable TLS server cert from Ziti API)

server.js
@@ -410,23 +419,30 @@ function Authenticate(request) {
};
log("Connecting to: "+serviceUrl+"/authenticate?method=password");
//if (request.session.creds != null) {
external.post(serviceUrl+"/authenticate?method=password", {json: params , rejectUnauthorized: rejectUnauthorized }, function(err, res, body) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indent

server.js
@@ -438,7 +454,7 @@ function Authenticate(request) {
*/
function GetPath() {
return new Promise(function(resolve, reject) {
external.get(baseUrl+"/edge/management/v1/version", {rejectUnauthorized: rejectUnauthorized}, function(err, res, body) {
external.get(baseUrl+"/edge/management/v1/version", tlsOpts, function(err, res, body) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

always include tlsOpts when calling the Ziti AP

server.js
if (err) {
log("Add Controller Error");
log(err);
response.json( {error: "Edge Controller not Online", errorObj: err} );
response.json( {error: "error adding edge controller", errorObj: err} );
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same error if online and GET fails for any other reason, e.g., TLS

@vercel Vercel
Copy link

vercel bot commented Apr 22, 2024
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
ziti-console ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 22, 2024 9:05pm

@qrkourier
Copy link
Member Author

@dovholuknf This branch completes the broken implementation of cert verification in the console server app and is ready for review.

@qrkourier qrkourier closed this May 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dovholuknf dovholuknf Awaiting requested review from dovholuknf

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

explain how to configure server cert trust
1 participant
@qrkourier