Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 17:08:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 83

Remove APNS certificate validation from server start up (#21728)

Browse source
This commit is contained in:
Sarah Gillespie 2024-08-30 17:36:29 -05:00 committed by GitHub
parent 4ffde1dc09
commit 6d1de32713
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changes/21683-apns-cert-validation-on-start Normal file
View file

@ -0,0 +1,2 @@
- Removed validation of APNS certificate from server startup. This was no longer necessary because
we now allow for APNS certificates to be renewed in the UI.

21
cmd/fleet/serve.go
View file

@ -22,7 +22,6 @@ import (
"github.com/e-dard/netbug"
"github.com/fleetdm/fleet/v4/ee/server/licensing"
eeservice "github.com/fleetdm/fleet/v4/ee/server/service"
"github.com/fleetdm/fleet/v4/pkg/certificate"
"github.com/fleetdm/fleet/v4/pkg/scripts"
"github.com/fleetdm/fleet/v4/server"
configpkg "github.com/fleetdm/fleet/v4/server/config"
@ -75,8 +74,10 @@ import (
var allowedURLPrefixRegexp = regexp.MustCompile("^(?:/[a-zA-Z0-9_.~-]+)+$")
const softwareInstallerUploadTimeout = 4 * time.Minute
const liveQueryMemCacheDuration = 1 * time.Second
const (
softwareInstallerUploadTimeout = 4 * time.Minute
liveQueryMemCacheDuration = 1 * time.Second
)
type initializer interface {
// Initialize is used to populate a datastore with
@ -510,7 +511,7 @@ the way that the Fleet server works.
initFatal(errors.New("inserting APNs and SCEP assets"), "missing required private key. Learn how to configure the private key here: https://fleetdm.com/learn-more-about/fleet-server-private-key")
}
apnsCert, apnsCertPEM, apnsKeyPEM, err := config.MDM.AppleAPNs()
_, apnsCertPEM, apnsKeyPEM, err := config.MDM.AppleAPNs()
if err != nil {
initFatal(err, "validate Apple APNs certificate and key")
}
@ -520,18 +521,6 @@ the way that the Fleet server works.
initFatal(err, "validate Apple SCEP certificate and key")
}
const (
apnsConnectionTimeout = 10 * time.Second
apnsConnectionURL = "https://api.sandbox.push.apple.com"
)
// check that the Apple APNs certificate is valid to connect to the API
ctx, cancel := context.WithTimeout(context.Background(), apnsConnectionTimeout)
if err := certificate.ValidateClientAuthTLSConnection(ctx, apnsCert, apnsConnectionURL); err != nil {
initFatal(err, "validate authentication with Apple APNs certificate")
}
cancel()
err = ds.InsertMDMConfigAssets(context.Background(), []fleet.MDMConfigAsset{
{Name: fleet.MDMAssetAPNSCert, Value: apnsCertPEM},
{Name: fleet.MDMAssetAPNSKey, Value: apnsKeyPEM},