diff --git a/docker-compose.yml b/docker-compose.yml
index eb28ec8e7..13fb367b6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -157,7 +157,7 @@ services:
 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
 - MASTER=${MASTER:-y}
 - DEV_MODE=${DEV_MODE:-n}
- - WEBAUTHN_RESPECT_ROOTCA=${WEBAUTHN_RESPECT_ROOTCA:-n}
+ - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
 restart: always
 networks:
 mailcow-network:
diff --git a/generate_config.sh b/generate_config.sh
index 8664b7907..dceca9572 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -344,10 +344,10 @@ DOVECOT_MASTER_PASS=
 # https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/
 ACME_CONTACT=
-# Enable webauthn device manufacturer verification
-# After setting WEBAUTHN_RESPECT_ROOTCA=y only devices from trusted manufacturers are allowed
+# WebAuthn device manufacturer verification
+# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
-WEBAUTHN_RESPECT_ROOTCA=n
+WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 EOF
diff --git a/update.sh b/update.sh
index 7565c9d79..2f03efff1 100755
--- a/update.sh
+++ b/update.sh
@@ -307,7 +307,7 @@ CONFIG_ARRAY=(
 "ADDITIONAL_SERVER_NAMES"
 "ACME_CONTACT"
 "WATCHDOG_VERBOSE"
- "WEBAUTHN_RESPECT_ROOTCA"
+ "WEBAUTHN_ONLY_TRUSTED_VENDORS"
 )
 sed -i --follow-symlinks '$a\' mailcow.conf
@@ -515,12 +515,12 @@ for option in ${CONFIG_ARRAY[@]}; do
 echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf
 echo 'ACME_CONTACT=' >> mailcow.conf
 fi
- elif [[ ${option} == "WEBAUTHN_RESPECT_ROOTCA" ]]; then
+ elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
 if ! grep -q ${option} mailcow.conf; then
- echo "# Enable webauthn device manufacturer verification" >> mailcow.conf
- echo '# After setting WEBAUTHN_RESPECT_ROOTCA=y only devices from trusted manufacturers are allowed' >> mailcow.conf
+ echo "# WebAuthn device manufacturer verification" >> mailcow.conf
+ echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
 echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
- echo 'WEBAUTHN_RESPECT_ROOTCA=n' >> mailcow.conf
+ echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
 fi
 elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
 if ! grep -q ${option} mailcow.conf; then
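Review bot: Installations that already have `WEBAUTHN_RESPECT_ROOTCA=y` in mailcow.conf lose that setting on upgrade: the `elif` branch for `WEBAUTHN_ONLY_TRUSTED_VENDORS` only greps for the new name, finds nothing, and appends `WEBAUTHN_ONLY_TRUSTED_VENDORS=n`, while the docker-compose.yml hunk passes only the new variable with default `n`. Manufacturer verification would therefore fall back to off with no message to the admin, which is a fail-open change for anyone who had enabled it. Carrying the old key over before the presence check keeps the value, e.g. `sed -i --follow-symlinks 's/WEBAUTHN_RESPECT_ROOTCA/WEBAUTHN_ONLY_TRUSTED_VENDORS/g' mailcow.conf` placed ahead of `if ! grep -q ${option} mailcow.conf; then`. The surrounding `for option in ${CONFIG_ARRAY[@]}` loop starts and ends outside this hunk, so whether a migration exists elsewhere in update.sh is not visible here.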