Backport (3-0-x) - fix: tls check shouldnt rely on an external service (#13338)

* fix: tls check shouldnt rely on an external service * fix linting in the tls script'
2018-06-21 00:12:58 +10:00 · 2018-06-21 00:12:58 +10:00 · 128a03450a
commit 128a03450a
parent cdbd4792e3
4 changed files with 89 additions and 4 deletions
--- a/script/tls.cert.pem
+++ b/script/tls.cert.pem
@ -0,0 +1,21 @@
 -----BEGIN CERTIFICATE-----
 MIIDZDCCAkwCCQDw+ZvdiZ6UJTANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJB
 VTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVTRSBUSElT
 IENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYDVQQDDAlk
 ZWFkLmNlcnQwHhcNMTgwNjIwMDY0OTE2WhcNMTkwNjIwMDY0OTE2WjB0MQswCQYD
 VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEdMBsGA1UECgwURE8gTk9UIFVT
 RSBUSElTIENFUlQxHTAbBgNVBAsMFFRISVMgQ0VSVCBJUyBVU0VMRVNTMRIwEAYD
 VQQDDAlkZWFkLmNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9
 0UnRjuXgIO1no5xFCugzcje1GlDd88AJCJyxySOJZhpry1S9mtrM0iQvGb+v9ixq
 mLuMBEsG1mvjECD6mFREHHK2NHFuSnfKtZkkzb3/turSEvmiRCXD+X0N+knuXjjl
 P6eo+hiGhhkDYHxz19e66ecVAYQThkQinZDU0l0rMbEMB9fKwcgiC9vG6tE7fE4i
 z3WLhT+LBS02qkJGLGIyCnOsJMMBoXpAV0DwB2CA05vTP8SrrllMg2Q4YAFhxAZl
 f/YHeJsvVyhbbw/k+oPypgdKRjYSCwSFgllOADVBv5gJ6lWt3to7B/HpFh9pTNuA
 12go7AJ2tBrIBj485P7HAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALWyR7u+Tcde
 U1kwitc6cJYwE2uZZS8+f5L3WLouoAw4Jr0GlqO9uZC8lwMbvO5tRN1khV8HdZ8k
 c/qoY/fwzW0qNjDDfz9tev73iu8SlL4iu9g9CDlISIFZlqmBr+g3Szw/l2ghud3a
 bogwgsZjWlODWFsJJE9gBKSzh2oiDDYa4PWkrkTg8VUe/8BLUc2ijKc6KXPPR72V
 iDXqKmM3S+Pa6a/evJo1z0KxsbSqs/ErIzY7JxSPG6Gw7NMYD6QmoJhNePicarIA
 LRFZqTFfi8v7Dmj58WI9BN1dkGtzTpYM4RL4gjmQmTf7J+mpgPDH9pi1pB1NZwxN
 pJmyETQUqDA=
 -----END CERTIFICATE-----
--- a/script/tls.js
+++ b/script/tls.js
@ -0,0 +1,18 @@
 var fs = require('fs')
 var https = require('https')
 var path = require('path')
 var server = https.createServer({
  key: fs.readFileSync(path.resolve(__dirname, 'tls.key.pem')),
  cert: fs.readFileSync(path.resolve(__dirname, 'tls.cert.pem'))
 }, (req, res) => {
  res.end(JSON.stringify({ protocol: req.socket.getProtocol() }))
  setTimeout(() => {
    server.close()
  }, 0)
 })
 server.listen(0, () => {
  console.log(server.address().port)
 })
--- a/script/tls.key.pem
+++ b/script/tls.key.pem
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAvdFJ0Y7l4CDtZ6OcRQroM3I3tRpQ3fPACQicsckjiWYaa8tU
 vZrazNIkLxm/r/Ysapi7jARLBtZr4xAg+phURBxytjRxbkp3yrWZJM29/7bq0hL5
 okQlw/l9DfpJ7l445T+nqPoYhoYZA2B8c9fXuunnFQGEE4ZEIp2Q1NJdKzGxDAfX
 ysHIIgvbxurRO3xOIs91i4U/iwUtNqpCRixiMgpzrCTDAaF6QFdA8AdggNOb0z/E
 q65ZTINkOGABYcQGZX/2B3ibL1coW28P5PqD8qYHSkY2EgsEhYJZTgA1Qb+YCepV
 rd7aOwfx6RYfaUzbgNdoKOwCdrQayAY+POT+xwIDAQABAoIBAEDIT/hMW9odgsjP
 RwMtUMhWH/sYKydFDHJI1Sm8Kvu2tCe78oTvd+NViPHmSMymKMyMqd2EjZKc1Z9e
 HtNH7+J7Dw9uYJQyqCWvyr+L1F+UrxnZTgd6WKVE3dBKbrcCw0pCalc6W+p1k83a
 PT9QGBl7wNkjdk8vkMt7mTV5QkD+El20bsxhgVptS/SOgcRZha5HHC074b/WU0lr
 gXm+9Bmh3ND/FRF8rE2FEd8JjmEOioidpv/RaQyuj3Zc3Wf4cex7JLkhlpWaxriz
 5WxnIURtRDYruP1kjvACQGYnpBsBPA86vsRk03/vKpjmcklYDNbzc2uU7IWRmMsh
 VXILl7kCgYEA9BQogsCOyxiHwIcG7d7n8eG8UrBeFVTCOKabQCVX4jr2d6JbFGCX
 7BHTaSoN7QU1fmBJXp8+LckQ2TLKYKfGVzgyKjymJYgm4DE4r39jaHln+llHLOOW
 RiC+IC2npCYEsE+8A4wlOqi02srSVIriOT8tbZSSxnC8C+tkBANc4pUCgYEAxxas
 onV5RyK7/XhhKofueEw8h3IvrjQzVLUQZ+XtTcsJVcuAwEhoJ4Ckpwaou69i4M8y
 +OZJLUlU/UJykrgdmGmwcSE+Ncv7RjyQVhHThSSV+n9vdmdm+Jk93Eya4PG7oCF6
 a+qtXdH/1IQ4YRTBbxKQDPjQCXC4G7fbqlzdAOsCgYEAmtsfSLW64whROMlykADY
 0BIUVbIoPwhjoWWzImOO+q3GKekMOEWAnfpBU3unEjY31lJoumv2Gz5yPhuHYwOP
 R08UJNAN6coUQDF6cX41J9e/LIrwKX7LnPqxJeFRd0fXubUc6HNGO41GEXqVL6Ze
 GUwIGnolFVn5NObHsfQgPnECgYBAf6gOOeDAmxAsXgOcs80eTBSQDP5FgcPffYmD
 H4px2YV8tiFQKiUUJykws4eWxotSKc5ptLGgalGOeyiDQALWjecLv6lX5G3To2tf
 dwb/64prTT3fLkC96WeRJ4BFwAr5Jd9zduQTsSUgxHU/fmnsgicJDNLZPBtpX3db
 ChrPYQKBgCbZCntXj6MkGZSNZ5IlNynl2XmPa9kN+ztCrTPPP3imAZgcDmROUjj+
 0eZiCjX/GJTO5uLSFtZxl3YnpWZsJJZSwnwPwEEo3+t5ves2dG+oJbeWLbj7xxE5
 LX934fWHWUof/qDY38/2Mu6+uu7IpNZlfAJ/hsjDE9pw8f0D6Xa+
 -----END RSA PRIVATE KEY-----
--- a/script/tls.py
+++ b/script/tls.py
@ -1,12 +1,31 @@
 #!/usr/bin/env python
 import json
-import urllib2
+import os
 import ssl
 import subprocess
 import sys
 import urllib2
 ctx = ssl.create_default_context()
 ctx.check_hostname = False
 ctx.verify_mode = ssl.CERT_NONE
 def check_tls(verbose):
-  response = json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))
+  process = subprocess.Popen(
-  tls = response['tls_version']
+    'node tls.js',
    cwd=os.path.dirname(os.path.realpath(__file__)),
    shell=True,
    stdout=subprocess.PIPE,
    stderr=subprocess.STDOUT
  )
  port = process.stdout.readline()
  localhost_url = 'https://localhost:' + port
  response = json.load(urllib2.urlopen(localhost_url, context=ctx))
  tls = response['protocol']
  process.wait()
  if sys.platform == "linux" or sys.platform == "linux2":
    tutorial = "./docs/development/build-instructions-linux.md"
@ -18,7 +37,7 @@ def check_tls(verbose):
    tutorial = "build instructions for your operating system" \
      + "in ./docs/development/"
-  if tls == "TLS 1.0":
+  if tls == "TLSv1" or tls == "TLSv1.1":
    print "Your system/python combination is using an outdated security" \
      + "protocol and will not be able to compile Electron. Please see " \
      + tutorial + "." \