Backport (3-0-x) - fix: tls check shouldnt rely on an external service (#13338)

* fix: tls check shouldnt rely on an external service

* fix linting in the tls script'
This commit is contained in:
trop[bot] 2018-06-21 00:12:58 +10:00 committed by Samuel Attard
parent cdbd4792e3
commit 128a03450a
4 changed files with 89 additions and 4 deletions

21
script/tls.cert.pem Normal file
View file

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDZDCCAkwCCQDw+ZvdiZ6UJTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJB
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVTRSBUSElT
IENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYDVQQDDAlk
ZWFkLmNlcnQwHhcNMTgwNjIwMDY0OTE2WhcNMTkwNjIwMDY0OTE2WjB0MQswCQYD
VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVT
RSBUSElTIENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYD
VQQDDAlkZWFkLmNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9
0UnRjuXgIO1no5xFCugzcje1GlDd88AJCJyxySOJZhpry1S9mtrM0iQvGb+v9ixq
mLuMBEsG1mvjECD6mFREHHK2NHFuSnfKtZkkzb3/turSEvmiRCXD+X0N+knuXjjl
P6eo+hiGhhkDYHxz19e66ecVAYQThkQinZDU0l0rMbEMB9fKwcgiC9vG6tE7fE4i
z3WLhT+LBS02qkJGLGIyCnOsJMMBoXpAV0DwB2CA05vTP8SrrllMg2Q4YAFhxAZl
f/YHeJsvVyhbbw/k+oPypgdKRjYSCwSFgllOADVBv5gJ6lWt3to7B/HpFh9pTNuA
12go7AJ2tBrIBj485P7HAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALWyR7u+Tcde
U1kwitc6cJYwE2uZZS8+f5L3WLouoAw4Jr0GlqO9uZC8lwMbvO5tRN1khV8HdZ8k
c/qoY/fwzW0qNjDDfz9tev73iu8SlL4iu9g9CDlISIFZlqmBr+g3Szw/l2ghud3a
bogwgsZjWlODWFsJJE9gBKSzh2oiDDYa4PWkrkTg8VUe/8BLUc2ijKc6KXPPR72V
iDXqKmM3S+Pa6a/evJo1z0KxsbSqs/ErIzY7JxSPG6Gw7NMYD6QmoJhNePicarIA
LRFZqTFfi8v7Dmj58WI9BN1dkGtzTpYM4RL4gjmQmTf7J+mpgPDH9pi1pB1NZwxN
pJmyETQUqDA=
-----END CERTIFICATE-----

18
script/tls.js Normal file
View file

@ -0,0 +1,18 @@
var fs = require('fs')
var https = require('https')
var path = require('path')
var server = https.createServer({
key: fs.readFileSync(path.resolve(__dirname, 'tls.key.pem')),
cert: fs.readFileSync(path.resolve(__dirname, 'tls.cert.pem'))
}, (req, res) => {
res.end(JSON.stringify({ protocol: req.socket.getProtocol() }))
setTimeout(() => {
server.close()
}, 0)
})
server.listen(0, () => {
console.log(server.address().port)
})

27
script/tls.key.pem Normal file
View file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvdFJ0Y7l4CDtZ6OcRQroM3I3tRpQ3fPACQicsckjiWYaa8tU
vZrazNIkLxm/r/Ysapi7jARLBtZr4xAg+phURBxytjRxbkp3yrWZJM29/7bq0hL5
okQlw/l9DfpJ7l445T+nqPoYhoYZA2B8c9fXuunnFQGEE4ZEIp2Q1NJdKzGxDAfX
ysHIIgvbxurRO3xOIs91i4U/iwUtNqpCRixiMgpzrCTDAaF6QFdA8AdggNOb0z/E
q65ZTINkOGABYcQGZX/2B3ibL1coW28P5PqD8qYHSkY2EgsEhYJZTgA1Qb+YCepV
rd7aOwfx6RYfaUzbgNdoKOwCdrQayAY+POT+xwIDAQABAoIBAEDIT/hMW9odgsjP
RwMtUMhWH/sYKydFDHJI1Sm8Kvu2tCe78oTvd+NViPHmSMymKMyMqd2EjZKc1Z9e
HtNH7+J7Dw9uYJQyqCWvyr+L1F+UrxnZTgd6WKVE3dBKbrcCw0pCalc6W+p1k83a
PT9QGBl7wNkjdk8vkMt7mTV5QkD+El20bsxhgVptS/SOgcRZha5HHC074b/WU0lr
gXm+9Bmh3ND/FRF8rE2FEd8JjmEOioidpv/RaQyuj3Zc3Wf4cex7JLkhlpWaxriz
5WxnIURtRDYruP1kjvACQGYnpBsBPA86vsRk03/vKpjmcklYDNbzc2uU7IWRmMsh
VXILl7kCgYEA9BQogsCOyxiHwIcG7d7n8eG8UrBeFVTCOKabQCVX4jr2d6JbFGCX
7BHTaSoN7QU1fmBJXp8+LckQ2TLKYKfGVzgyKjymJYgm4DE4r39jaHln+llHLOOW
RiC+IC2npCYEsE+8A4wlOqi02srSVIriOT8tbZSSxnC8C+tkBANc4pUCgYEAxxas
onV5RyK7/XhhKofueEw8h3IvrjQzVLUQZ+XtTcsJVcuAwEhoJ4Ckpwaou69i4M8y
+OZJLUlU/UJykrgdmGmwcSE+Ncv7RjyQVhHThSSV+n9vdmdm+Jk93Eya4PG7oCF6
a+qtXdH/1IQ4YRTBbxKQDPjQCXC4G7fbqlzdAOsCgYEAmtsfSLW64whROMlykADY
0BIUVbIoPwhjoWWzImOO+q3GKekMOEWAnfpBU3unEjY31lJoumv2Gz5yPhuHYwOP
R08UJNAN6coUQDF6cX41J9e/LIrwKX7LnPqxJeFRd0fXubUc6HNGO41GEXqVL6Ze
GUwIGnolFVn5NObHsfQgPnECgYBAf6gOOeDAmxAsXgOcs80eTBSQDP5FgcPffYmD
H4px2YV8tiFQKiUUJykws4eWxotSKc5ptLGgalGOeyiDQALWjecLv6lX5G3To2tf
dwb/64prTT3fLkC96WeRJ4BFwAr5Jd9zduQTsSUgxHU/fmnsgicJDNLZPBtpX3db
ChrPYQKBgCbZCntXj6MkGZSNZ5IlNynl2XmPa9kN+ztCrTPPP3imAZgcDmROUjj+
0eZiCjX/GJTO5uLSFtZxl3YnpWZsJJZSwnwPwEEo3+t5ves2dG+oJbeWLbj7xxE5
LX934fWHWUof/qDY38/2Mu6+uu7IpNZlfAJ/hsjDE9pw8f0D6Xa+
-----END RSA PRIVATE KEY-----

View file

@ -1,12 +1,31 @@
#!/usr/bin/env python
import json
import urllib2
import os
import ssl
import subprocess
import sys
import urllib2
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
def check_tls(verbose):
response = json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))
tls = response['tls_version']
process = subprocess.Popen(
'node tls.js',
cwd=os.path.dirname(os.path.realpath(__file__)),
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT
)
port = process.stdout.readline()
localhost_url = 'https://localhost:' + port
response = json.load(urllib2.urlopen(localhost_url, context=ctx))
tls = response['protocol']
process.wait()
if sys.platform == "linux" or sys.platform == "linux2":
tutorial = "./docs/development/build-instructions-linux.md"
@ -18,7 +37,7 @@ def check_tls(verbose):
tutorial = "build instructions for your operating system" \
+ "in ./docs/development/"
if tls == "TLS 1.0":
if tls == "TLSv1" or tls == "TLSv1.1":
print "Your system/python combination is using an outdated security" \
+ "protocol and will not be able to compile Electron. Please see " \
+ tutorial + "." \