Update electron to version 12
TimoGlastra opened this issue · 10 comments
Due to a Lets Encrypt certificate that expired on 30 september, I'm not able to use the toolbox anymore with our agents.
When creating a connection it will fail, stating that the certificate has expired. This is not true, but happens due to a conflict of configurations/processing between client and server. I'll try to update our servers to bypass this bug, but there's also a fix in electron: electron/electron#31212
The latest version that they backported the fix to is electron 12. The toolbox is currently at electron 9.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
I spent a considerable amount of time looking into this issue this past Friday. My findings so far show there are significant challenges to overcome to update to electron 12, I believe primarily stemming from updated security defaults (contextIsolation
is now enabled by default). Even after setting these security settings back to the original values (which is not recommended), the toolbox was showing just as a blank window.
I'll be the first to admit that I am not an experienced NodeJS/Electron developer so it's very possible I missed something simple. However, it seems we are in need of a significant refactoring to address security concerns even if we can discover a quick fix. We're putting together some thoughts at Indicio on how we can address some of these issues.
Thanks for looking into this! I also gave it a quick shot, but ran into numerous issues when updating, so that's why I opened this issue.
If you have more info on how to address these issues please let me know. I'm a bit worried that the effort of updating may not be worth the effort in relation to the discussions we've had with using React, and update to using AFJ -- but maybe it will be an easy fix after all :)
Yeah, these are our exact thoughts as well lol. My plan in the short-term is to prepare a workaround for at least the demo scripts in the toolbox plugin so we can start discussing the long-term solution. CC @JamesKEbert
We've had some discussion internally at Indicio on our proposed long-term approach here. We're considering using AFJ directly to act as the Aries Toolbox. So essentially the Toolbox would be an AFJ controller. We'd like to approach it with AFJ plugins if possible as well. I would like to detail further what our approach here would be, but some additional discussion first potentially would be good.
I would be interested to discuss any of your thoughts on a call @TimoGlastra if you have availability at some point. :)
I also have this error. Anyone have any fixes or workarounds?
If you have access to the server, you can fix it server side:
- Use HTTP instead of HTTPS, which is definitely not a good solution
- Depending on what you use the create the SSL certificate you can provide a preferred chain option to use
ISRG Root X1
overDST Root CA X3
by default ( https://github-wiki-see.page/m/acmesh-official/acme.sh/wiki/Preferred-Chain)
I solved but ı cant see all menu items. I can see only 4 item(Discover Features - Compose - Message History - Trusted Issuers ).
When that happens to me it is often that the connection doesn't have the right permission. When creating an invitation in ACA-Py did you add the following to the create-invitation body?
{
"metadata": {
"group": "admin"
}
}
I solved by change socket ssl error.