Backport (3-0-x) - fix: tls check shouldnt rely on an external service (#13338)
* fix: tls check shouldnt rely on an external service * fix linting in the tls script'
This commit is contained in:
parent
cdbd4792e3
commit
128a03450a
4 changed files with 89 additions and 4 deletions
21
script/tls.cert.pem
Normal file
21
script/tls.cert.pem
Normal file
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDZDCCAkwCCQDw+ZvdiZ6UJTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJB
|
||||
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVTRSBUSElT
|
||||
IENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYDVQQDDAlk
|
||||
ZWFkLmNlcnQwHhcNMTgwNjIwMDY0OTE2WhcNMTkwNjIwMDY0OTE2WjB0MQswCQYD
|
||||
VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVT
|
||||
RSBUSElTIENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYD
|
||||
VQQDDAlkZWFkLmNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9
|
||||
0UnRjuXgIO1no5xFCugzcje1GlDd88AJCJyxySOJZhpry1S9mtrM0iQvGb+v9ixq
|
||||
mLuMBEsG1mvjECD6mFREHHK2NHFuSnfKtZkkzb3/turSEvmiRCXD+X0N+knuXjjl
|
||||
P6eo+hiGhhkDYHxz19e66ecVAYQThkQinZDU0l0rMbEMB9fKwcgiC9vG6tE7fE4i
|
||||
z3WLhT+LBS02qkJGLGIyCnOsJMMBoXpAV0DwB2CA05vTP8SrrllMg2Q4YAFhxAZl
|
||||
f/YHeJsvVyhbbw/k+oPypgdKRjYSCwSFgllOADVBv5gJ6lWt3to7B/HpFh9pTNuA
|
||||
12go7AJ2tBrIBj485P7HAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALWyR7u+Tcde
|
||||
U1kwitc6cJYwE2uZZS8+f5L3WLouoAw4Jr0GlqO9uZC8lwMbvO5tRN1khV8HdZ8k
|
||||
c/qoY/fwzW0qNjDDfz9tev73iu8SlL4iu9g9CDlISIFZlqmBr+g3Szw/l2ghud3a
|
||||
bogwgsZjWlODWFsJJE9gBKSzh2oiDDYa4PWkrkTg8VUe/8BLUc2ijKc6KXPPR72V
|
||||
iDXqKmM3S+Pa6a/evJo1z0KxsbSqs/ErIzY7JxSPG6Gw7NMYD6QmoJhNePicarIA
|
||||
LRFZqTFfi8v7Dmj58WI9BN1dkGtzTpYM4RL4gjmQmTf7J+mpgPDH9pi1pB1NZwxN
|
||||
pJmyETQUqDA=
|
||||
-----END CERTIFICATE-----
|
18
script/tls.js
Normal file
18
script/tls.js
Normal file
|
@ -0,0 +1,18 @@
|
|||
var fs = require('fs')
|
||||
var https = require('https')
|
||||
var path = require('path')
|
||||
|
||||
var server = https.createServer({
|
||||
key: fs.readFileSync(path.resolve(__dirname, 'tls.key.pem')),
|
||||
cert: fs.readFileSync(path.resolve(__dirname, 'tls.cert.pem'))
|
||||
}, (req, res) => {
|
||||
res.end(JSON.stringify({ protocol: req.socket.getProtocol() }))
|
||||
|
||||
setTimeout(() => {
|
||||
server.close()
|
||||
}, 0)
|
||||
})
|
||||
|
||||
server.listen(0, () => {
|
||||
console.log(server.address().port)
|
||||
})
|
27
script/tls.key.pem
Normal file
27
script/tls.key.pem
Normal file
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAvdFJ0Y7l4CDtZ6OcRQroM3I3tRpQ3fPACQicsckjiWYaa8tU
|
||||
vZrazNIkLxm/r/Ysapi7jARLBtZr4xAg+phURBxytjRxbkp3yrWZJM29/7bq0hL5
|
||||
okQlw/l9DfpJ7l445T+nqPoYhoYZA2B8c9fXuunnFQGEE4ZEIp2Q1NJdKzGxDAfX
|
||||
ysHIIgvbxurRO3xOIs91i4U/iwUtNqpCRixiMgpzrCTDAaF6QFdA8AdggNOb0z/E
|
||||
q65ZTINkOGABYcQGZX/2B3ibL1coW28P5PqD8qYHSkY2EgsEhYJZTgA1Qb+YCepV
|
||||
rd7aOwfx6RYfaUzbgNdoKOwCdrQayAY+POT+xwIDAQABAoIBAEDIT/hMW9odgsjP
|
||||
RwMtUMhWH/sYKydFDHJI1Sm8Kvu2tCe78oTvd+NViPHmSMymKMyMqd2EjZKc1Z9e
|
||||
HtNH7+J7Dw9uYJQyqCWvyr+L1F+UrxnZTgd6WKVE3dBKbrcCw0pCalc6W+p1k83a
|
||||
PT9QGBl7wNkjdk8vkMt7mTV5QkD+El20bsxhgVptS/SOgcRZha5HHC074b/WU0lr
|
||||
gXm+9Bmh3ND/FRF8rE2FEd8JjmEOioidpv/RaQyuj3Zc3Wf4cex7JLkhlpWaxriz
|
||||
5WxnIURtRDYruP1kjvACQGYnpBsBPA86vsRk03/vKpjmcklYDNbzc2uU7IWRmMsh
|
||||
VXILl7kCgYEA9BQogsCOyxiHwIcG7d7n8eG8UrBeFVTCOKabQCVX4jr2d6JbFGCX
|
||||
7BHTaSoN7QU1fmBJXp8+LckQ2TLKYKfGVzgyKjymJYgm4DE4r39jaHln+llHLOOW
|
||||
RiC+IC2npCYEsE+8A4wlOqi02srSVIriOT8tbZSSxnC8C+tkBANc4pUCgYEAxxas
|
||||
onV5RyK7/XhhKofueEw8h3IvrjQzVLUQZ+XtTcsJVcuAwEhoJ4Ckpwaou69i4M8y
|
||||
+OZJLUlU/UJykrgdmGmwcSE+Ncv7RjyQVhHThSSV+n9vdmdm+Jk93Eya4PG7oCF6
|
||||
a+qtXdH/1IQ4YRTBbxKQDPjQCXC4G7fbqlzdAOsCgYEAmtsfSLW64whROMlykADY
|
||||
0BIUVbIoPwhjoWWzImOO+q3GKekMOEWAnfpBU3unEjY31lJoumv2Gz5yPhuHYwOP
|
||||
R08UJNAN6coUQDF6cX41J9e/LIrwKX7LnPqxJeFRd0fXubUc6HNGO41GEXqVL6Ze
|
||||
GUwIGnolFVn5NObHsfQgPnECgYBAf6gOOeDAmxAsXgOcs80eTBSQDP5FgcPffYmD
|
||||
H4px2YV8tiFQKiUUJykws4eWxotSKc5ptLGgalGOeyiDQALWjecLv6lX5G3To2tf
|
||||
dwb/64prTT3fLkC96WeRJ4BFwAr5Jd9zduQTsSUgxHU/fmnsgicJDNLZPBtpX3db
|
||||
ChrPYQKBgCbZCntXj6MkGZSNZ5IlNynl2XmPa9kN+ztCrTPPP3imAZgcDmROUjj+
|
||||
0eZiCjX/GJTO5uLSFtZxl3YnpWZsJJZSwnwPwEEo3+t5ves2dG+oJbeWLbj7xxE5
|
||||
LX934fWHWUof/qDY38/2Mu6+uu7IpNZlfAJ/hsjDE9pw8f0D6Xa+
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,12 +1,31 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
import json
|
||||
import urllib2
|
||||
import os
|
||||
import ssl
|
||||
import subprocess
|
||||
import sys
|
||||
import urllib2
|
||||
|
||||
ctx = ssl.create_default_context()
|
||||
ctx.check_hostname = False
|
||||
ctx.verify_mode = ssl.CERT_NONE
|
||||
|
||||
def check_tls(verbose):
|
||||
response = json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))
|
||||
tls = response['tls_version']
|
||||
process = subprocess.Popen(
|
||||
'node tls.js',
|
||||
cwd=os.path.dirname(os.path.realpath(__file__)),
|
||||
shell=True,
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.STDOUT
|
||||
)
|
||||
|
||||
port = process.stdout.readline()
|
||||
localhost_url = 'https://localhost:' + port
|
||||
|
||||
response = json.load(urllib2.urlopen(localhost_url, context=ctx))
|
||||
tls = response['protocol']
|
||||
process.wait()
|
||||
|
||||
if sys.platform == "linux" or sys.platform == "linux2":
|
||||
tutorial = "./docs/development/build-instructions-linux.md"
|
||||
|
@ -18,7 +37,7 @@ def check_tls(verbose):
|
|||
tutorial = "build instructions for your operating system" \
|
||||
+ "in ./docs/development/"
|
||||
|
||||
if tls == "TLS 1.0":
|
||||
if tls == "TLSv1" or tls == "TLSv1.1":
|
||||
print "Your system/python combination is using an outdated security" \
|
||||
+ "protocol and will not be able to compile Electron. Please see " \
|
||||
+ tutorial + "." \
|
||||
|
|
Loading…
Reference in a new issue