search

TormStorm / jagex-launcher-linux

Community projects to install the Jagex Launcher and use Jagex Accounts in Linux
GNU Affero General Public License v3.0
220 stars 24 forks source link

Use SSL to validate downloads #127

Closed USA-RedDragon closed 11 months ago

USA-RedDragon commented 11 months ago

Fixes #126

Jagex seems to not be shipping a JWT with their latest release. This change swaps the code to use the proper hostname and lets requests validate the CA certificate chain. This removes all dependencies. SSL certificates that do not validate still get the following exception:

urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'jagex-akamai.aws.snxd.com'. (_ssl.c:1007)>

I also removed unused imports and added a fix for a potential extra error message by importing binascii

nmlynch94 commented 11 months ago

I’m Looks good to me. Very happy we can remove all that cert validation code. I can test this in about an hour.

nmlynch94 commented 11 months ago

@TormStorm Confirmed this is working properly

TormStorm commented 11 months ago

@TormStorm Confirmed this is working properly

With all the dependencies removed as well?

nmlynch94 commented 11 months ago

Yep. I used a clean virtual environment to run it.