mirror of
https://github.com/louislam/uptime-kuma.git
synced 2025-01-17 18:08:06 +00:00
Feat: Use keylog event to obtain TLS certificate for better reliability [1.23.X] (#4630)
Co-authored-by: Frank Elsinga <frank@elsinga.de>
This commit is contained in:
parent
0e30ea830d
commit
893278bd3d
2 changed files with 29 additions and 25 deletions
|
@ -512,6 +512,12 @@ class Monitor extends BeanModel {
|
|||
}
|
||||
}
|
||||
|
||||
let tlsInfo;
|
||||
// Store tlsInfo when key material is received
|
||||
options.httpsAgent.on("keylog", (line, tlsSocket) => {
|
||||
tlsInfo = checkCertificate(tlsSocket);
|
||||
});
|
||||
|
||||
log.debug("monitor", `[${this.name}] Axios Options: ${JSON.stringify(options)}`);
|
||||
log.debug("monitor", `[${this.name}] Axios Request`);
|
||||
|
||||
|
@ -521,29 +527,20 @@ class Monitor extends BeanModel {
|
|||
bean.msg = `${res.status} - ${res.statusText}`;
|
||||
bean.ping = dayjs().valueOf() - startTime;
|
||||
|
||||
// Check certificate if https is used
|
||||
let certInfoStartTime = dayjs().valueOf();
|
||||
// Store certificate and check for expiry if https is used
|
||||
if (this.getUrl()?.protocol === "https:") {
|
||||
log.debug("monitor", `[${this.name}] Check cert`);
|
||||
try {
|
||||
let tlsInfoObject = checkCertificate(res);
|
||||
tlsInfo = await this.updateTlsInfo(tlsInfoObject);
|
||||
// No way to listen for the `secureConnection` event, so we do it here
|
||||
const tlssocket = res.request.res.socket;
|
||||
|
||||
if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
|
||||
log.debug("monitor", `[${this.name}] call checkCertExpiryNotifications`);
|
||||
await this.checkCertExpiryNotifications(tlsInfoObject);
|
||||
}
|
||||
|
||||
} catch (e) {
|
||||
if (e.message !== "No TLS certificate in response") {
|
||||
log.error("monitor", "Caught error");
|
||||
log.error("monitor", e.message);
|
||||
}
|
||||
if (tlssocket) {
|
||||
tlsInfo.valid = tlssocket.authorized || false;
|
||||
}
|
||||
}
|
||||
|
||||
if (process.env.TIMELOGGER === "1") {
|
||||
log.debug("monitor", "Cert Info Query Time: " + (dayjs().valueOf() - certInfoStartTime) + "ms");
|
||||
await this.updateTlsInfo(tlsInfo);
|
||||
if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
|
||||
log.debug("monitor", `[${this.name}] call checkCertExpiryNotifications`);
|
||||
await this.checkCertExpiryNotifications(tlsInfo);
|
||||
}
|
||||
}
|
||||
|
||||
if (process.env.UPTIME_KUMA_LOG_RESPONSE_BODY_MONITOR_ID === this.id) {
|
||||
|
|
|
@ -716,20 +716,27 @@ const parseCertificateInfo = function (info) {
|
|||
|
||||
/**
|
||||
* Check if certificate is valid
|
||||
* @param {Object} res Response object from axios
|
||||
* @param {tls.TLSSocket} socket TLSSocket, which may or may not be connected
|
||||
* @returns {Object} Object containing certificate information
|
||||
*/
|
||||
exports.checkCertificate = function (res) {
|
||||
if (!res.request.res.socket) {
|
||||
throw new Error("No socket found");
|
||||
exports.checkCertificate = function (socket) {
|
||||
let certInfoStartTime = dayjs().valueOf();
|
||||
|
||||
// Return null if there is no socket
|
||||
if (socket === undefined || socket == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const info = res.request.res.socket.getPeerCertificate(true);
|
||||
const valid = res.request.res.socket.authorized || false;
|
||||
const info = socket.getPeerCertificate(true);
|
||||
const valid = socket.authorized || false;
|
||||
|
||||
log.debug("cert", "Parsing Certificate Info");
|
||||
const parsedInfo = parseCertificateInfo(info);
|
||||
|
||||
if (process.env.TIMELOGGER === "1") {
|
||||
log.debug("monitor", "Cert Info Query Time: " + (dayjs().valueOf() - certInfoStartTime) + "ms");
|
||||
}
|
||||
|
||||
return {
|
||||
valid: valid,
|
||||
certInfo: parsedInfo
|
||||
|
|
Loading…
Reference in a new issue