From 0ca249648194169f17599f6616680ad96c3c9003 Mon Sep 17 00:00:00 2001 From: Samuel Attard Date: Wed, 20 Jun 2018 17:05:43 +1000 Subject: [PATCH] fix: tls check shouldnt rely on an external service --- script/tls.cert.pem | 21 +++++++++++++++++++++ script/tls.js | 18 ++++++++++++++++++ script/tls.key.pem | 27 +++++++++++++++++++++++++++ script/tls.py | 26 ++++++++++++++++++++++---- 4 files changed, 88 insertions(+), 4 deletions(-) create mode 100644 script/tls.cert.pem create mode 100644 script/tls.js create mode 100644 script/tls.key.pem diff --git a/script/tls.cert.pem b/script/tls.cert.pem new file mode 100644 index 000000000000..f77ce995190e --- /dev/null +++ b/script/tls.cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAkwCCQDw+ZvdiZ6UJTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJB +VTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVTRSBUSElT +IENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYDVQQDDAlk +ZWFkLmNlcnQwHhcNMTgwNjIwMDY0OTE2WhcNMTkwNjIwMDY0OTE2WjB0MQswCQYD +VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVT +RSBUSElTIENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYD +VQQDDAlkZWFkLmNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9 +0UnRjuXgIO1no5xFCugzcje1GlDd88AJCJyxySOJZhpry1S9mtrM0iQvGb+v9ixq +mLuMBEsG1mvjECD6mFREHHK2NHFuSnfKtZkkzb3/turSEvmiRCXD+X0N+knuXjjl +P6eo+hiGhhkDYHxz19e66ecVAYQThkQinZDU0l0rMbEMB9fKwcgiC9vG6tE7fE4i +z3WLhT+LBS02qkJGLGIyCnOsJMMBoXpAV0DwB2CA05vTP8SrrllMg2Q4YAFhxAZl +f/YHeJsvVyhbbw/k+oPypgdKRjYSCwSFgllOADVBv5gJ6lWt3to7B/HpFh9pTNuA +12go7AJ2tBrIBj485P7HAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALWyR7u+Tcde +U1kwitc6cJYwE2uZZS8+f5L3WLouoAw4Jr0GlqO9uZC8lwMbvO5tRN1khV8HdZ8k +c/qoY/fwzW0qNjDDfz9tev73iu8SlL4iu9g9CDlISIFZlqmBr+g3Szw/l2ghud3a +bogwgsZjWlODWFsJJE9gBKSzh2oiDDYa4PWkrkTg8VUe/8BLUc2ijKc6KXPPR72V +iDXqKmM3S+Pa6a/evJo1z0KxsbSqs/ErIzY7JxSPG6Gw7NMYD6QmoJhNePicarIA +LRFZqTFfi8v7Dmj58WI9BN1dkGtzTpYM4RL4gjmQmTf7J+mpgPDH9pi1pB1NZwxN +pJmyETQUqDA= +-----END CERTIFICATE----- 
diff --git a/script/tls.js b/script/tls.js
new file mode 100644
index 000000000000..71a5ed492484
--- /dev/null
+++ b/script/tls.js
@@ -0,0 +1,18 @@
+var fs = require('fs')
+var https = require('https')
+var path = require('path')
+
+var server = https.createServer({
+ key: fs.readFileSync(path.resolve(__dirname, 'tls.key.pem')),
+ cert: fs.readFileSync(path.resolve(__dirname, 'tls.cert.pem'))
+}, (req, res) => {
+ res.end(JSON.stringify({ protocol: req.socket.getProtocol() }))
+
+ setTimeout(() => {
+ server.close()
+ }, 0)
+})
+
+server.listen(0, () => {
+ console.log(server.address().port)
+})
diff --git a/script/tls.key.pem b/script/tls.key.pem
new file mode 100644
index 000000000000..84a77b70603a
--- /dev/null
+++ b/script/tls.key.pem
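Review bot: `server.listen(0, ...)` passes no host, so Node binds the server to the unspecified address and the port is reachable from other machines while the check runs. The only intended client is the local Python script, so bind to loopback instead: `server.listen(0, '127.0.0.1', () => {`. The server also closes after the first request from any peer, so a stray connection could end the check before tls.py connects. The key loaded from `tls.key.pem` is committed next to this file and has to be treated as public; a header comment such as `// Throwaway HTTPS server for script/tls.py; the bundled key/cert are test-only and must never be trusted.` would make that explicit.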
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvdFJ0Y7l4CDtZ6OcRQroM3I3tRpQ3fPACQicsckjiWYaa8tU +vZrazNIkLxm/r/Ysapi7jARLBtZr4xAg+phURBxytjRxbkp3yrWZJM29/7bq0hL5 +okQlw/l9DfpJ7l445T+nqPoYhoYZA2B8c9fXuunnFQGEE4ZEIp2Q1NJdKzGxDAfX +ysHIIgvbxurRO3xOIs91i4U/iwUtNqpCRixiMgpzrCTDAaF6QFdA8AdggNOb0z/E +q65ZTINkOGABYcQGZX/2B3ibL1coW28P5PqD8qYHSkY2EgsEhYJZTgA1Qb+YCepV +rd7aOwfx6RYfaUzbgNdoKOwCdrQayAY+POT+xwIDAQABAoIBAEDIT/hMW9odgsjP +RwMtUMhWH/sYKydFDHJI1Sm8Kvu2tCe78oTvd+NViPHmSMymKMyMqd2EjZKc1Z9e +HtNH7+J7Dw9uYJQyqCWvyr+L1F+UrxnZTgd6WKVE3dBKbrcCw0pCalc6W+p1k83a +PT9QGBl7wNkjdk8vkMt7mTV5QkD+El20bsxhgVptS/SOgcRZha5HHC074b/WU0lr +gXm+9Bmh3ND/FRF8rE2FEd8JjmEOioidpv/RaQyuj3Zc3Wf4cex7JLkhlpWaxriz +5WxnIURtRDYruP1kjvACQGYnpBsBPA86vsRk03/vKpjmcklYDNbzc2uU7IWRmMsh +VXILl7kCgYEA9BQogsCOyxiHwIcG7d7n8eG8UrBeFVTCOKabQCVX4jr2d6JbFGCX +7BHTaSoN7QU1fmBJXp8+LckQ2TLKYKfGVzgyKjymJYgm4DE4r39jaHln+llHLOOW +RiC+IC2npCYEsE+8A4wlOqi02srSVIriOT8tbZSSxnC8C+tkBANc4pUCgYEAxxas +onV5RyK7/XhhKofueEw8h3IvrjQzVLUQZ+XtTcsJVcuAwEhoJ4Ckpwaou69i4M8y ++OZJLUlU/UJykrgdmGmwcSE+Ncv7RjyQVhHThSSV+n9vdmdm+Jk93Eya4PG7oCF6 +a+qtXdH/1IQ4YRTBbxKQDPjQCXC4G7fbqlzdAOsCgYEAmtsfSLW64whROMlykADY +0BIUVbIoPwhjoWWzImOO+q3GKekMOEWAnfpBU3unEjY31lJoumv2Gz5yPhuHYwOP +R08UJNAN6coUQDF6cX41J9e/LIrwKX7LnPqxJeFRd0fXubUc6HNGO41GEXqVL6Ze +GUwIGnolFVn5NObHsfQgPnECgYBAf6gOOeDAmxAsXgOcs80eTBSQDP5FgcPffYmD +H4px2YV8tiFQKiUUJykws4eWxotSKc5ptLGgalGOeyiDQALWjecLv6lX5G3To2tf +dwb/64prTT3fLkC96WeRJ4BFwAr5Jd9zduQTsSUgxHU/fmnsgicJDNLZPBtpX3db +ChrPYQKBgCbZCntXj6MkGZSNZ5IlNynl2XmPa9kN+ztCrTPPP3imAZgcDmROUjj+ +0eZiCjX/GJTO5uLSFtZxl3YnpWZsJJZSwnwPwEEo3+t5ves2dG+oJbeWLbj7xxE5 +LX934fWHWUof/qDY38/2Mu6+uu7IpNZlfAJ/hsjDE9pw8f0D6Xa+ +-----END RSA PRIVATE KEY----- diff --git a/script/tls.py b/script/tls.py index 762147d826cf..60ea5b866df4 100644 --- a/script/tls.py +++ b/script/tls.py 
@@ -1,12 +1,30 @@ #!/usr/bin/env python import json -import urllib2 +import os +import ssl +import subprocess import sys +import urllib2 + +ctx = ssl.create_default_context() +ctx.check_hostname = False +ctx.verify_mode = ssl.CERT_NONE def check_tls(verbose): - response = json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check')) - tls = response['tls_version'] + process = subprocess.Popen( + 'node tls.js', + cwd=os.path.dirname(os.path.realpath(__file__)), + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT + ) + + port = process.stdout.readline() + + response = json.load(urllib2.urlopen('https://localhost:' + port, context=ctx)) + tls = response['protocol'] + process.wait() if sys.platform == "linux" or sys.platform == "linux2": tutorial = "./docs/development/build-instructions-linux.md" @@ -18,7 +36,7 @@ def check_tls(verbose): tutorial = "build instructions for your operating system" \ + "in ./docs/development/" - if tls == "TLS 1.0": + if tls == "TLSv1" or tls == "TLSv1.1": print "Your system/python combination is using an outdated security" \ + "protocol and will not be able to compile Electron. Please see " \ + tutorial + "." \
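Review bot: `port = process.stdout.readline()` is concatenated into the URL unchecked, and because `stderr=subprocess.STDOUT` merges the streams, a missing or failing `node` puts an error message (or an empty string) there instead of a port number. Parsing it first gives a clear failure and drops the trailing newline: `port = int(process.stdout.readline().strip())` followed by `'https://localhost:%d' % port`. The module-level `ctx` disables certificate and hostname verification, which is only acceptable for the throwaway localhost server. It should carry a comment such as `# Verification is off on purpose: ctx is only for the local tls.js test server, never for remote hosts.` or be built inside `check_tls`. `check_tls` continues beyond this hunk.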
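Review bot: The new condition `tls == "TLSv1" or tls == "TLSv1.1"` is a deny-list of two protocol names, so any other value that `getProtocol()` reports on the Node side (for example `SSLv3` or `unknown`) is treated as acceptable. If TLS 1.2 is the minimum the build needs, as the message suggests, comparing against the known-good versions fails closed: `if tls not in ("TLSv1.2", "TLSv1.3"):`. The body of `check_tls` starts and ends outside this hunk.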