fix: tls check shouldnt rely on an external service

2018-06-20 17:05:43 +10:00 · 2018-06-20 17:05:43 +10:00 · 0ca2496481
commit 0ca2496481
parent 1a8c986fb1
4 changed files with 88 additions and 4 deletions
--- a/script/tls.cert.pem
+++ b/script/tls.cert.pem
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAkwCCQDw+ZvdiZ6UJTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVTRSBUSElT
+IENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYDVQQDDAlk
+ZWFkLmNlcnQwHhcNMTgwNjIwMDY0OTE2WhcNMTkwNjIwMDY0OTE2WjB0MQswCQYD
+VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVT
+RSBUSElTIENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYD
+VQQDDAlkZWFkLmNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9
+0UnRjuXgIO1no5xFCugzcje1GlDd88AJCJyxySOJZhpry1S9mtrM0iQvGb+v9ixq
+mLuMBEsG1mvjECD6mFREHHK2NHFuSnfKtZkkzb3/turSEvmiRCXD+X0N+knuXjjl
+P6eo+hiGhhkDYHxz19e66ecVAYQThkQinZDU0l0rMbEMB9fKwcgiC9vG6tE7fE4i
+z3WLhT+LBS02qkJGLGIyCnOsJMMBoXpAV0DwB2CA05vTP8SrrllMg2Q4YAFhxAZl
+f/YHeJsvVyhbbw/k+oPypgdKRjYSCwSFgllOADVBv5gJ6lWt3to7B/HpFh9pTNuA
+12go7AJ2tBrIBj485P7HAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALWyR7u+Tcde
+U1kwitc6cJYwE2uZZS8+f5L3WLouoAw4Jr0GlqO9uZC8lwMbvO5tRN1khV8HdZ8k
+c/qoY/fwzW0qNjDDfz9tev73iu8SlL4iu9g9CDlISIFZlqmBr+g3Szw/l2ghud3a
+bogwgsZjWlODWFsJJE9gBKSzh2oiDDYa4PWkrkTg8VUe/8BLUc2ijKc6KXPPR72V
+iDXqKmM3S+Pa6a/evJo1z0KxsbSqs/ErIzY7JxSPG6Gw7NMYD6QmoJhNePicarIA
+LRFZqTFfi8v7Dmj58WI9BN1dkGtzTpYM4RL4gjmQmTf7J+mpgPDH9pi1pB1NZwxN
+pJmyETQUqDA=
+-----END CERTIFICATE-----
--- a/script/tls.js
+++ b/script/tls.js
@ -0,0 +1,18 @@
+var fs = require('fs')
+var https = require('https')
+var path = require('path')
+
+var server = https.createServer({
+  key: fs.readFileSync(path.resolve(__dirname, 'tls.key.pem')),
+  cert: fs.readFileSync(path.resolve(__dirname, 'tls.cert.pem'))
+}, (req, res) => {
+  res.end(JSON.stringify({ protocol: req.socket.getProtocol() }))
+
+  setTimeout(() => {
+    server.close()
+  }, 0)
+})
+
+server.listen(0, () => {
+  console.log(server.address().port)
+})
--- a/script/tls.key.pem
+++ b/script/tls.key.pem
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvdFJ0Y7l4CDtZ6OcRQroM3I3tRpQ3fPACQicsckjiWYaa8tU
+vZrazNIkLxm/r/Ysapi7jARLBtZr4xAg+phURBxytjRxbkp3yrWZJM29/7bq0hL5
+okQlw/l9DfpJ7l445T+nqPoYhoYZA2B8c9fXuunnFQGEE4ZEIp2Q1NJdKzGxDAfX
+ysHIIgvbxurRO3xOIs91i4U/iwUtNqpCRixiMgpzrCTDAaF6QFdA8AdggNOb0z/E
+q65ZTINkOGABYcQGZX/2B3ibL1coW28P5PqD8qYHSkY2EgsEhYJZTgA1Qb+YCepV
+rd7aOwfx6RYfaUzbgNdoKOwCdrQayAY+POT+xwIDAQABAoIBAEDIT/hMW9odgsjP
+RwMtUMhWH/sYKydFDHJI1Sm8Kvu2tCe78oTvd+NViPHmSMymKMyMqd2EjZKc1Z9e
+HtNH7+J7Dw9uYJQyqCWvyr+L1F+UrxnZTgd6WKVE3dBKbrcCw0pCalc6W+p1k83a
+PT9QGBl7wNkjdk8vkMt7mTV5QkD+El20bsxhgVptS/SOgcRZha5HHC074b/WU0lr
+gXm+9Bmh3ND/FRF8rE2FEd8JjmEOioidpv/RaQyuj3Zc3Wf4cex7JLkhlpWaxriz
+5WxnIURtRDYruP1kjvACQGYnpBsBPA86vsRk03/vKpjmcklYDNbzc2uU7IWRmMsh
+VXILl7kCgYEA9BQogsCOyxiHwIcG7d7n8eG8UrBeFVTCOKabQCVX4jr2d6JbFGCX
+7BHTaSoN7QU1fmBJXp8+LckQ2TLKYKfGVzgyKjymJYgm4DE4r39jaHln+llHLOOW
+RiC+IC2npCYEsE+8A4wlOqi02srSVIriOT8tbZSSxnC8C+tkBANc4pUCgYEAxxas
+onV5RyK7/XhhKofueEw8h3IvrjQzVLUQZ+XtTcsJVcuAwEhoJ4Ckpwaou69i4M8y
+OZJLUlU/UJykrgdmGmwcSE+Ncv7RjyQVhHThSSV+n9vdmdm+Jk93Eya4PG7oCF6
+a+qtXdH/1IQ4YRTBbxKQDPjQCXC4G7fbqlzdAOsCgYEAmtsfSLW64whROMlykADY
+0BIUVbIoPwhjoWWzImOO+q3GKekMOEWAnfpBU3unEjY31lJoumv2Gz5yPhuHYwOP
+R08UJNAN6coUQDF6cX41J9e/LIrwKX7LnPqxJeFRd0fXubUc6HNGO41GEXqVL6Ze
+GUwIGnolFVn5NObHsfQgPnECgYBAf6gOOeDAmxAsXgOcs80eTBSQDP5FgcPffYmD
+H4px2YV8tiFQKiUUJykws4eWxotSKc5ptLGgalGOeyiDQALWjecLv6lX5G3To2tf
+dwb/64prTT3fLkC96WeRJ4BFwAr5Jd9zduQTsSUgxHU/fmnsgicJDNLZPBtpX3db
+ChrPYQKBgCbZCntXj6MkGZSNZ5IlNynl2XmPa9kN+ztCrTPPP3imAZgcDmROUjj+
+0eZiCjX/GJTO5uLSFtZxl3YnpWZsJJZSwnwPwEEo3+t5ves2dG+oJbeWLbj7xxE5
+LX934fWHWUof/qDY38/2Mu6+uu7IpNZlfAJ/hsjDE9pw8f0D6Xa+
+-----END RSA PRIVATE KEY-----
--- a/script/tls.py
+++ b/script/tls.py
@ -1,12 +1,30 @@
 #!/usr/bin/env python

 import json
-import urllib2
+import os
+import ssl
+import subprocess
 import sys
+import urllib2
+
+ctx = ssl.create_default_context()
+ctx.check_hostname = False
+ctx.verify_mode = ssl.CERT_NONE

 def check_tls(verbose):
-  response = json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))
-  tls = response['tls_version']
+  process = subprocess.Popen(
+    'node tls.js',
+    cwd=os.path.dirname(os.path.realpath(__file__)),
+    shell=True,
+    stdout=subprocess.PIPE,
+    stderr=subprocess.STDOUT
+  )
+
+  port = process.stdout.readline()
+
+  response = json.load(urllib2.urlopen('https://localhost:' + port, context=ctx))
+  tls = response['protocol']
+  process.wait()

  if sys.platform == "linux" or sys.platform == "linux2":
    tutorial = "./docs/development/build-instructions-linux.md"
@ -18,7 +36,7 @@ def check_tls(verbose):
    tutorial = "build instructions for your operating system" \
      + "in ./docs/development/"

-  if tls == "TLS 1.0":
+  if tls == "TLSv1" or tls == "TLSv1.1":
    print "Your system/python combination is using an outdated security" \
      + "protocol and will not be able to compile Electron. Please see " \
      + tutorial + "." \