[WebAuthn] update mailcow.conf

master
FreddleSpl0it 2022-01-19 20:17:43 +01:00 committed by GitHub
parent 0f464658cc
commit 8ae2fe0cf2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions

View File

@ -307,6 +307,7 @@ CONFIG_ARRAY=(
"ADDITIONAL_SERVER_NAMES"
"ACME_CONTACT"
"WATCHDOG_VERBOSE"
"WEBAUTHN_DISABLE_ROOTCA"
)
sed -i --follow-symlinks '$a\' mailcow.conf
@ -514,6 +515,25 @@ for option in ${CONFIG_ARRAY[@]}; do
echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf
echo 'ACME_CONTACT=' >> mailcow.conf
fi
elif [[ ${option} == "WEBAUTHN_DISABLE_ROOTCA" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo "# Disable including device root ca's for WebAuthn" >> mailcow.conf
echo '# setting WEBAUTHN_DISABLE_ROOTCA=y will allow you to use Fido2 devices from untrusted Manufacturers' >> mailcow.conf
echo '# It will solve "Error: invalid root certificate" at TFA device registration' >> mailcow.conf
echo '# Suported devices are' >> mailcow.conf
echo '# solo certified' >> mailcow.conf
echo '# apple certified' >> mailcow.conf
echo '# nitro certified' >> mailcow.conf
echo '# yubico certified' >> mailcow.conf
echo '# hypersecu certified' >> mailcow.conf
echo '# globalSign certified' >> mailcow.conf
echo '# googleHardware certified' >> mailcow.conf
echo '# microsoftTpmCollection certified' >> mailcow.conf
echo '# huawei certified' >> mailcow.conf
echo '# trustkey certified' >> mailcow.conf
echo '# bsi certified' >> mailcow.conf
echo 'WEBAUTHN_DISABLE_ROOTCA=' >> mailcow.conf
fi
elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo '# Enable watchdog verbose logging' >> mailcow.conf