tssl: use certifi explicitly for aiohttp and electrum-server connections - electrum - Electrum Bitcoin wallet
HTML git clone https://git.parazyd.org/electrum
DIR Log
DIR Files
DIR Refs
DIR Submodules
---
DIR commit c09ac41b277e1d0c860b02f365c0f77bea449b81
DIR parent 7a4270f5a4441c708556432a45f2b553129ae84e
HTML Author: SomberNight <somber.night@protonmail.com>
Date: Thu, 13 Dec 2018 22:54:53 +0100
ssl: use certifi explicitly for aiohttp and electrum-server connections
fixes ssl issues on Android
Diffstat:
M electrum/interface.py | 6 +++++-
M electrum/util.py | 15 ++++++++++++---
2 files changed, 17 insertions(+), 4 deletions(-)
---
DIR diff --git a/electrum/interface.py b/electrum/interface.py
t@@ -33,6 +33,7 @@ from collections import defaultdict
import aiorpcx
from aiorpcx import RPCSession, Notification
+import requests
from .util import PrintError, ignore_exceptions, log_exceptions, bfh, SilentTaskGroup
from . import util
t@@ -48,6 +49,9 @@ if TYPE_CHECKING:
from .network import Network
+ca_path = requests.certs.where()
+
+
class NotificationSession(RPCSession):
def __init__(self, *args, **kwargs):
t@@ -232,7 +236,7 @@ class Interface(PrintError):
return None
# see if we already have cert for this server; or get it for the first time
- ca_sslc = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+ ca_sslc = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_path)
if not self._is_saved_ssl_cert_available():
await self._try_saving_ssl_cert_for_first_time(ca_sslc)
# now we have a file saved in our certificate store
DIR diff --git a/electrum/util.py b/electrum/util.py
t@@ -40,10 +40,12 @@ import builtins
import json
import time
from typing import NamedTuple, Optional
+import ssl
import aiohttp
from aiohttp_socks import SocksConnector, SocksVer
from aiorpcx import TaskGroup
+import requests
from .i18n import _
t@@ -57,6 +59,9 @@ def inv_dict(d):
return {v: k for k, v in d.items()}
+ca_path = requests.certs.where()
+
+
base_units = {'BTC':8, 'mBTC':5, 'bits':2, 'sat':0}
base_units_inverse = inv_dict(base_units)
base_units_list = ['BTC', 'mBTC', 'bits', 'sat'] # list(dict) does not guarantee order
t@@ -919,6 +924,8 @@ def make_aiohttp_session(proxy: dict, headers=None, timeout=None):
headers = {'User-Agent': 'Electrum'}
if timeout is None:
timeout = aiohttp.ClientTimeout(total=10)
+ ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_path)
+
if proxy:
connector = SocksConnector(
socks_ver=SocksVer.SOCKS5 if proxy['mode'] == 'socks5' else SocksVer.SOCKS4,
t@@ -926,11 +933,13 @@ def make_aiohttp_session(proxy: dict, headers=None, timeout=None):
port=int(proxy['port']),
username=proxy.get('user', None),
password=proxy.get('password', None),
- rdns=True
+ rdns=True,
+ ssl_context=ssl_context,
)
- return aiohttp.ClientSession(headers=headers, timeout=timeout, connector=connector)
else:
- return aiohttp.ClientSession(headers=headers, timeout=timeout)
+ connector = aiohttp.TCPConnector(ssl_context=ssl_context)
+
+ return aiohttp.ClientSession(headers=headers, timeout=timeout, connector=connector)
class SilentTaskGroup(TaskGroup):