From 0ba6fd35f4c861b7fec7e38c416b408f3edd6c1b Mon Sep 17 00:00:00 2001 From: Christian Stein Date: Fri, 31 Jul 2020 10:20:53 +0200 Subject: [PATCH] Fixes TLS error on WebRequests for endpoints using TLS 1.2 Fixes #86 --- lib/apis/Get-IcingaDirectorSelfServiceConfig.psm1 | 1 + lib/apis/Get-IcingaDirectorSelfServiceTicket.psm1 | 2 ++ lib/apis/Register-IcingaDirectorSelfServiceHost.psm1 | 1 + lib/core/framework/Get-IcingaFrameworkServiceBinary.psm1 | 1 + lib/core/framework/Get-IcingaPowerShellModuleArchive.psm1 | 1 + lib/core/framework/Install-IcingaFrameworkComponent.psm1 | 2 ++ lib/core/icingaagent/getters/Get-IcingaAgentMSIPackage.psm1 | 1 + .../installer/Install-IcingaAgentCertificates.psm1 | 1 + lib/web/Set-IcingaTLSVersion.psm1 | 4 ++++ 9 files changed, 14 insertions(+) create mode 100644 lib/web/Set-IcingaTLSVersion.psm1 diff --git a/lib/apis/Get-IcingaDirectorSelfServiceConfig.psm1 b/lib/apis/Get-IcingaDirectorSelfServiceConfig.psm1 index e6614c4..c171f71 100644 --- a/lib/apis/Get-IcingaDirectorSelfServiceConfig.psm1 +++ b/lib/apis/Get-IcingaDirectorSelfServiceConfig.psm1 @@ -37,6 +37,7 @@ function Get-IcingaDirectorSelfServiceConfig() throw 'Please enter either a template or your host key. If this message persists, ensure your host is not having a template key assigned already. If so, you can try dropping it within the Icinga Director.'; } + Set-IcingaTLSVersion; $ProgressPreference = "SilentlyContinue"; $EndpointUrl = Join-WebPath -Path $DirectorUrl -ChildPath ([string]::Format('/self-service/powershell-parameters?key={0}', $ApiKey)); diff --git a/lib/apis/Get-IcingaDirectorSelfServiceTicket.psm1 b/lib/apis/Get-IcingaDirectorSelfServiceTicket.psm1 index f4c1b85..10c59df 100644 --- a/lib/apis/Get-IcingaDirectorSelfServiceTicket.psm1 +++ b/lib/apis/Get-IcingaDirectorSelfServiceTicket.psm1 @@ -38,6 +38,8 @@ function Get-IcingaDirectorSelfServiceTicket() return; } + Set-IcingaTLSVersion; + [string]$url = Join-WebPath -Path $DirectorUrl -ChildPath ([string]::Format('/self-service/ticket?key={0}', $ApiKey)); $response = Invoke-WebRequest -Uri $url -UseBasicParsing -Headers @{ 'accept' = 'application/json'; 'X-Director-Accept' = 'application/json' } -Method 'POST'; diff --git a/lib/apis/Register-IcingaDirectorSelfServiceHost.psm1 b/lib/apis/Register-IcingaDirectorSelfServiceHost.psm1 index adcee02..b02875d 100644 --- a/lib/apis/Register-IcingaDirectorSelfServiceHost.psm1 +++ b/lib/apis/Register-IcingaDirectorSelfServiceHost.psm1 @@ -49,6 +49,7 @@ function Register-IcingaDirectorSelfServiceHost() throw 'Please enter the API key of the template you wish to use'; } + Set-IcingaTLSVersion; $ProgressPreference = "SilentlyContinue"; $DirectorConfigJson = $null; diff --git a/lib/core/framework/Get-IcingaFrameworkServiceBinary.psm1 b/lib/core/framework/Get-IcingaFrameworkServiceBinary.psm1 index 0274a00..9a628aa 100644 --- a/lib/core/framework/Get-IcingaFrameworkServiceBinary.psm1 +++ b/lib/core/framework/Get-IcingaFrameworkServiceBinary.psm1 @@ -31,6 +31,7 @@ function Get-IcingaFrameworkServiceBinary() [string]$ServiceDirectory ); + Set-IcingaTLSVersion; $ProgressPreference = "SilentlyContinue"; if ([string]::IsNullOrEmpty($FrameworkServiceUrl)) { diff --git a/lib/core/framework/Get-IcingaPowerShellModuleArchive.psm1 b/lib/core/framework/Get-IcingaPowerShellModuleArchive.psm1 index 5ab880f..185a94c 100644 --- a/lib/core/framework/Get-IcingaPowerShellModuleArchive.psm1 +++ b/lib/core/framework/Get-IcingaPowerShellModuleArchive.psm1 @@ -46,6 +46,7 @@ function Get-IcingaPowerShellModuleArchive() [bool]$DryRun = $FALSE ); + Set-IcingaTLSVersion; $ProgressPreference = "SilentlyContinue"; $Tag = 'master'; [bool]$SkipRepo = $FALSE; diff --git a/lib/core/framework/Install-IcingaFrameworkComponent.psm1 b/lib/core/framework/Install-IcingaFrameworkComponent.psm1 index d9138b7..d360ae0 100644 --- a/lib/core/framework/Install-IcingaFrameworkComponent.psm1 +++ b/lib/core/framework/Install-IcingaFrameworkComponent.psm1 @@ -51,6 +51,8 @@ function Install-IcingaFrameworkComponent() throw 'Please specify a component name to install from a GitHub/Local space'; } + Set-IcingaTLSVersion; + $TextInfo = (Get-Culture).TextInfo; $ComponentName = $TextInfo.ToTitleCase($Name); $RepositoryName = [string]::Format('icinga-powershell-{0}', $Name); diff --git a/lib/core/icingaagent/getters/Get-IcingaAgentMSIPackage.psm1 b/lib/core/icingaagent/getters/Get-IcingaAgentMSIPackage.psm1 index c4b4077..8ddd524 100644 --- a/lib/core/icingaagent/getters/Get-IcingaAgentMSIPackage.psm1 +++ b/lib/core/icingaagent/getters/Get-IcingaAgentMSIPackage.psm1 @@ -14,6 +14,7 @@ function Get-IcingaAgentMSIPackage() throw 'Please specify a valid download URL, like "https://packages.icinga.com/windows/"'; } + Set-IcingaTLSVersion; # Disable the progress bar for the WebRequest $ProgressPreference = "SilentlyContinue"; $Architecture = Get-IcingaAgentArchitecture; diff --git a/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 b/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 index afa00be..7fa04f7 100644 --- a/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 +++ b/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 @@ -214,6 +214,7 @@ function Copy-IcingaAgentCACertificate() Copy-Item -Path $CAPath -Destination (Join-Path -Path $Desination -ChildPath 'ca.crt') | Out-Null; Write-IcingaConsoleNotice ([string]::Format('Copied ca.crt from "{0}" to "{1}', $CAPath, $Desination)); } else { + Set-IcingaTLSVersion; # It could also be a web ressource try { $response = Invoke-WebRequest $CAPath -UseBasicParsing; diff --git a/lib/web/Set-IcingaTLSVersion.psm1 b/lib/web/Set-IcingaTLSVersion.psm1 new file mode 100644 index 0000000..d106487 --- /dev/null +++ b/lib/web/Set-IcingaTLSVersion.psm1 @@ -0,0 +1,4 @@ +function Set-IcingaTLSVersion() +{ + [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11"; +}