From 8ae2fe0cf266cff3fe1c062fefd38d2996c9cf70 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Wed, 19 Jan 2022 20:17:43 +0100
Subject: [PATCH] [WebAuthn] update mailcow.conf

---
 update.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/update.sh b/update.sh
index 9b7a92ef..3a846cbb 100755
--- a/update.sh
+++ b/update.sh
@@ -307,6 +307,7 @@ CONFIG_ARRAY=(
 "ADDITIONAL_SERVER_NAMES"
 "ACME_CONTACT"
 "WATCHDOG_VERBOSE"
+ "WEBAUTHN_DISABLE_ROOTCA"
 )
 
 sed -i --follow-symlinks '$a\' mailcow.conf
@@ -514,6 +515,25 @@ for option in ${CONFIG_ARRAY[@]}; do
 echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf
 echo 'ACME_CONTACT=' >> mailcow.conf
 fi
+ elif [[ ${option} == "WEBAUTHN_DISABLE_ROOTCA" ]]; then
+ if ! grep -q ${option} mailcow.conf; then
+ echo "# Disable including device root ca's for WebAuthn" >> mailcow.conf
+ echo '# setting WEBAUTHN_DISABLE_ROOTCA=y will allow you to use Fido2 devices from untrusted Manufacturers' >> mailcow.conf
+ echo '# It will solve "Error: invalid root certificate" at TFA device registration' >> mailcow.conf
+ echo '# Suported devices are' >> mailcow.conf
+ echo '# solo certified' >> mailcow.conf
+ echo '# apple certified' >> mailcow.conf
+ echo '# nitro certified' >> mailcow.conf
+ echo '# yubico certified' >> mailcow.conf
+ echo '# hypersecu certified' >> mailcow.conf
+ echo '# globalSign certified' >> mailcow.conf
+ echo '# googleHardware certified' >> mailcow.conf
+ echo '# microsoftTpmCollection certified' >> mailcow.conf
+ echo '# huawei certified' >> mailcow.conf
+ echo '# trustkey certified' >> mailcow.conf
+ echo '# bsi certified' >> mailcow.conf
+ echo 'WEBAUTHN_DISABLE_ROOTCA=' >> mailcow.conf
+ fi
 elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
 if ! grep -q ${option} mailcow.conf; then
 echo '# Enable watchdog verbose logging' >> mailcow.conf
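Review bot: The comment block written for WEBAUTHN_DISABLE_ROOTCA in the second hunk describes only the benefit of setting it to y and never states the trade-off, which matters for a switch that turns off root-CA checking of authenticator attestation; consider adding a line such as `echo '# Leave empty to keep root CA validation of device attestation enabled; set y only if registration fails with "invalid root certificate"' >> mailcow.conf` (what the empty default means is not visible in this hunk, so confirm it against the code that reads the variable). The twelve hard-coded `# ... certified` lines will drift from whatever the WebAuthn library actually ships; a single pointer to the documentation would age better. `Suported` is misspelled in the `# Suported devices are` line. The enclosing `for option in ${CONFIG_ARRAY[@]}` loop starts before this hunk and ends after it.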