tinterface.is_server_ca_signed: don't rely on assert - electrum - Electrum Bitcoin wallet HTML git clone https://git.parazyd.org/electrum DIR Log DIR Files DIR Refs DIR Submodules --- DIR commit 0bf0b1d20be25bf77a553d644a651f04bc2dd783 DIR parent 2f112169863382aa413d865dfad657034a376d7d HTML Author: SomberNight <somber.night@protonmail.com> Date: Mon, 18 Feb 2019 18:00:54 +0100 interface.is_server_ca_signed: don't rely on assert Diffstat: M electrum/interface.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) --- DIR
diff --git a/electrum/interface.py b/electrum/interface.py
t@@ -217,12 +217,19 @@ class Interface(PrintError):
 else:
 self.proxy = None

- async def is_server_ca_signed(self, sslc):
+ async def is_server_ca_signed(self, ca_ssl_context):
+ """Given a CA enforcing SSL context, returns True if the connection
+ can be established. Returns False if the server has a self-signed
+ certificate but otherwise is okay. Any other failures raise.
+ """
 try:
- await self.open_session(sslc, exit_early=True)
+ await self.open_session(ca_ssl_context, exit_early=True)
 except ssl.SSLError as e:
- assert e.reason == 'CERTIFICATE_VERIFY_FAILED'
- return False
+ if e.reason == 'CERTIFICATE_VERIFY_FAILED':
+ # failures due to self-signed certs are normal
+ return False
+ # e.g. too weak crypto
+ raise
 return True

 async def _try_saving_ssl_cert_for_first_time(self, ca_ssl_context):
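Review bot: The `e.reason == 'CERTIFICATE_VERIFY_FAILED'` branch in is_server_ca_signed returns False for every chain-verification failure, not only the self-signed case that the new docstring and comment describe. An expired certificate or one from an untrusted issuer (and, on Python 3.7+, a hostname mismatch) reports the same reason. The caller is outside this hunk, but if False routes the server into the certificate-pinning path that `_try_saving_ssl_cert_for_first_time` suggests, a server that should have verified against the CA store would silently be handled as self-signed. I would either reword the docstring to `Returns False if the server's certificate does not verify against the CA store (e.g. self-signed)`, or, where Python 3.7+ can be assumed, narrow the branch on `e.verify_code` from `ssl.SSLCertVerificationError` and log `e.verify_message` before returning False.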