@@ -215,6 +215,7 @@ public class BubbleConfiguration extends PgRestServerConfiguration | |||||
@Getter @Setter private LegalInfo legal = new LegalInfo(); | @Getter @Setter private LegalInfo legal = new LegalInfo(); | ||||
@Getter @Setter private AppLinks appLinks = new AppLinks(); | @Getter @Setter private AppLinks appLinks = new AppLinks(); | ||||
@Getter @Setter private String certificateValidationHost; | |||||
@Override @JsonIgnore public Handlebars getHandlebars() { return BubbleHandlebars.instance.getHandlebars(); } | @Override @JsonIgnore public Handlebars getHandlebars() { return BubbleHandlebars.instance.getHandlebars(); } | ||||
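Review bot: The new `certificateValidationHost` field on BubbleConfiguration has no comment saying what the host is for or what an unset value means. The other hunks in this commit pass it down to the mitmproxy `next_layer` hook, where a connection whose only FQDN equals this value is never put into passthru. A short comment above the field would record that, for example `// FQDN the proxy must always intercept (never passthru); used for certificate validation. May be unset.` The "certificate validation" purpose is inferred from the name, so confirm the wording against the client that uses it.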
@@ -37,7 +37,9 @@ | |||||
{"name": "app_link_android", "value": "[[appLinks.android]]"}, | {"name": "app_link_android", "value": "[[appLinks.android]]"}, | ||||
{"name": "app_link_windows", "value": "[[appLinks.windows]]"}, | {"name": "app_link_windows", "value": "[[appLinks.windows]]"}, | ||||
{"name": "app_link_macosx", "value": "[[appLinks.macosx]]"}, | {"name": "app_link_macosx", "value": "[[appLinks.macosx]]"}, | ||||
{"name": "app_link_linux", "value": "[[appLinks.linux]]"} | |||||
{"name": "app_link_linux", "value": "[[appLinks.linux]]"}, | |||||
{"name": "cert_validation_host", "value": "[[configuration.certificateValidationHost]]"} | |||||
], | ], | ||||
"optionalConfigNames": ["restore_key", "restore_timeout", "error_url", "error_key", "error_env"] | "optionalConfigNames": ["restore_key", "restore_timeout", "error_url", "error_key", "error_env"] | ||||
} | } |
@@ -20,3 +20,5 @@ export APP_LINK_ANDROID={{ app_link_android }} | |||||
export APP_LINK_WINDOWS={{ app_link_windows }} | export APP_LINK_WINDOWS={{ app_link_windows }} | ||||
export APP_LINK_MACOSX={{ app_link_macosx }} | export APP_LINK_MACOSX={{ app_link_macosx }} | ||||
export APP_LINK_LINUX={{ app_link_linux }} | export APP_LINK_LINUX={{ app_link_linux }} | ||||
export CERT_VALIDATION_HOST={{ cert_validation_host }} |
@@ -11,6 +11,7 @@ | |||||
{"name": "sage_ip6", "value": "[[sageNode.ip6]]"}, | {"name": "sage_ip6", "value": "[[sageNode.ip6]]"}, | ||||
{"name": "cert_name", "value": "bubble-[[network.shortId]]"}, | {"name": "cert_name", "value": "bubble-[[network.shortId]]"}, | ||||
{"name": "cert_org", "value": "Bubble [[network.shortId]]"}, | {"name": "cert_org", "value": "Bubble [[network.shortId]]"}, | ||||
{"name": "cert_cn", "value": "[[network.certCNAME]]"} | |||||
{"name": "cert_cn", "value": "[[network.certCNAME]]"}, | |||||
{"name": "cert_validation_host", "value": "[[configuration.certificateValidationHost]]"} | |||||
] | ] | ||||
} | } |
@@ -6,3 +6,4 @@ bubble_ssl_port = '{{ ssl_port }}' | |||||
bubble_sage_host = '{{ sage_host }}' | bubble_sage_host = '{{ sage_host }}' | ||||
bubble_sage_ip4 = '{{ sage_ip4 }}' | bubble_sage_ip4 = '{{ sage_ip4 }}' | ||||
bubble_sage_ip6 = '{{ sage_ip6 }}' | bubble_sage_ip6 = '{{ sage_ip6 }}' | ||||
cert_validation_host = '{{ cert_validation_host }}' |
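Review bot: `cert_validation_host` is the only name in this generated config module without the `bubble_` prefix that `bubble_ssl_port`, `bubble_sage_host`, `bubble_sage_ip4` and `bubble_sage_ip6` carry. Naming it `bubble_cert_validation_host = '{{ cert_validation_host }}'` would keep the module consistent, with the matching change to the `from bubble_config import ...` line in the mitmproxy script. The value is substituted inside a single-quoted Python literal, as on the sibling lines, so it is presumably expected to be a plain hostname and an unset value would render as `''`.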
@@ -109,3 +109,5 @@ appLinks: | |||||
windows: {{APP_LINK_WINDOWS}} | windows: {{APP_LINK_WINDOWS}} | ||||
macosx: {{APP_LINK_MACOSX}} | macosx: {{APP_LINK_MACOSX}} | ||||
linux: {{APP_LINK_LINUX}} | linux: {{APP_LINK_LINUX}} | ||||
certificateValidationHost: {{CERT_VALIDATION_HOST}} |
@@ -28,7 +28,7 @@ from mitmproxy.exceptions import TlsProtocolException | |||||
from mitmproxy.net import tls as net_tls | from mitmproxy.net import tls as net_tls | ||||
from bubble_api import bubble_log, bubble_conn_check, bubble_activity_log, redis_set | from bubble_api import bubble_log, bubble_conn_check, bubble_activity_log, redis_set | ||||
from bubble_config import bubble_sage_host, bubble_sage_ip4, bubble_sage_ip6 | |||||
from bubble_config import bubble_sage_host, bubble_sage_ip4, bubble_sage_ip6, cert_validation_host | |||||
import redis | import redis | ||||
import json | import json | ||||
import subprocess | import subprocess | ||||
@@ -210,6 +210,10 @@ def next_layer(next_layer): | |||||
bubble_log('next_layer: enabling passthru for server='+server_addr+' because security_level='+security_level+' for client='+client_addr) | bubble_log('next_layer: enabling passthru for server='+server_addr+' because security_level='+security_level+' for client='+client_addr) | ||||
check = FORCE_PASSTHRU | check = FORCE_PASSTHRU | ||||
elif fqdns is not None and len(fqdns) == 1 and cert_validation_host == fqdns[0]: | |||||
bubble_log('next_layer: NOT enabling passthru for server='+server_addr+' because fqdn is cert_validation_host ('+cert_validation_host+') for client='+client_addr) | |||||
return | |||||
elif security_level == SEC_STD and no_fqdns: | elif security_level == SEC_STD and no_fqdns: | ||||
bubble_log('next_layer: enabling passthru for server='+server_addr+' because no FQDN found and security_level='+security_level+' for client='+client_addr) | bubble_log('next_layer: enabling passthru for server='+server_addr+' because no FQDN found and security_level='+security_level+' for client='+client_addr) | ||||
check = FORCE_PASSTHRU | check = FORCE_PASSTHRU | ||||
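Review bot: The added `elif` comes after the branch that sets `check = FORCE_PASSTHRU` based on `security_level`, so clients that match that earlier branch still get passthru for the validation host. If this host must always be intercepted, the test needs to come first in the chain; the chain's opening condition is outside the hunk, so this is inferred from the log message. The comparison is also an exact string match, although hostnames are case-insensitive and an unset config value presumably arrives as `''`; consider `elif cert_validation_host and fqdns is not None and len(fqdns) == 1 and fqdns[0].lower() == cert_validation_host.lower():`. The bare `return` skips whatever `next_layer` does after the chain, which continues outside the hunk, so a one-line comment stating that this is intended would help the next reader.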