electrum

Electrum Bitcoin wallet

commit c09ac41b277e1d0c860b02f365c0f77bea449b81
parent 7a4270f5a4441c708556432a45f2b553129ae84e
Author: SomberNight <somber.night@protonmail.com>
Date:   Thu, 13 Dec 2018 22:54:53 +0100

ssl: use certifi explicitly for aiohttp and electrum-server connections

fixes ssl issues on Android

Diffstat:
Melectrum/interface.py | 6+++++-
Melectrum/util.py | 15++++++++++++---
2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/electrum/interface.py b/electrum/interface.py
@@ -33,6 +33,7 @@ from collections import defaultdict
 import aiorpcx
 from aiorpcx import RPCSession, Notification
+import requests
 from .util import PrintError, ignore_exceptions, log_exceptions, bfh, SilentTaskGroup
 from . import util
@@ -48,6 +49,9 @@ if TYPE_CHECKING:
 from .network import Network
+ca_path = requests.certs.where()
+
+
 class NotificationSession(RPCSession):
 def __init__(self, *args, **kwargs):
@@ -232,7 +236,7 @@ class Interface(PrintError):
 return None
 # see if we already have cert for this server; or get it for the first time
- ca_sslc = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+ ca_sslc = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_path)
 if not self._is_saved_ssl_cert_available():
 await self._try_saving_ssl_cert_for_first_time(ca_sslc)
 # now we have a file saved in our certificate store
diff --git a/electrum/util.py b/electrum/util.py
@@ -40,10 +40,12 @@ import builtins
 import json
 import time
 from typing import NamedTuple, Optional
+import ssl
 import aiohttp
 from aiohttp_socks import SocksConnector, SocksVer
 from aiorpcx import TaskGroup
+import requests
 from .i18n import _
@@ -57,6 +59,9 @@ def inv_dict(d):
 return {v: k for k, v in d.items()}
+ca_path = requests.certs.where()
+
+
 base_units = {'BTC':8, 'mBTC':5, 'bits':2, 'sat':0}
 base_units_inverse = inv_dict(base_units)
 base_units_list = ['BTC', 'mBTC', 'bits', 'sat'] # list(dict) does not guarantee order
@@ -919,6 +924,8 @@ def make_aiohttp_session(proxy: dict, headers=None, timeout=None):
 headers = {'User-Agent': 'Electrum'}
 if timeout is None:
 timeout = aiohttp.ClientTimeout(total=10)
+ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_path)
+
 if proxy:
 connector = SocksConnector(
 socks_ver=SocksVer.SOCKS5 if proxy['mode'] == 'socks5' else SocksVer.SOCKS4,
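Review bot: In electrum/interface.py the new module-level `ca_path = requests.certs.where()` imports the whole `requests` package only to locate a CA bundle, and the identical assignment is added a second time in electrum/util.py. The commit title names certifi, and as far as I know `requests.certs.where` simply forwards to it, so `import certifi` with `ca_path = certifi.where()` would name the real dependency. interface.py already has `from . import util`, so it can use `util.ca_path` instead of keeping a second copy that could drift. A comment above the assignment such as `# use the bundled CA file explicitly (fixes ssl issues on Android)` would record why the path is pinned.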
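Review bot: In the `Interface` hunk, passing `cafile=ca_path` to `ssl.create_default_context` means the operating system trust store is no longer loaded, because the standard library only calls `load_default_certs()` when no cafile, capath or cadata is given. CA verification for server connections, and for `make_aiohttp_session` in electrum/util.py which builds its context the same way, therefore trusts exactly the roots in the bundled file. Locally installed CAs stop being honoured, and a root distrusted upstream stays trusted until the packaged bundle is refreshed. That trade-off deserves a comment at `ca_path`, for example `# only this bundle is trusted; system CAs are not loaded, so keep the packaged bundle current`, and if system roots should still count, `ca_sslc.load_default_certs()` can be called after creation. The enclosing method starts and ends outside the hunk.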
@@ -926,11 +933,13 @@ def make_aiohttp_session(proxy: dict, headers=None, timeout=None):
 port=int(proxy['port']),
 username=proxy.get('user', None),
 password=proxy.get('password', None),
- rdns=True
+ rdns=True,
+ ssl_context=ssl_context,
 )
- return aiohttp.ClientSession(headers=headers, timeout=timeout, connector=connector)
 else:
- return aiohttp.ClientSession(headers=headers, timeout=timeout)
+ connector = aiohttp.TCPConnector(ssl_context=ssl_context)
+
+ return aiohttp.ClientSession(headers=headers, timeout=timeout, connector=connector)
 class SilentTaskGroup(TaskGroup):
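Review bot: Both connectors in `make_aiohttp_session` receive the context through the `ssl_context=` keyword, which aiohttp has deprecated since 3.0 in favour of `ssl=`. If the project's minimum aiohttp is 3.x, `connector = aiohttp.TCPConnector(ssl=ssl_context)` avoids the deprecation warning. I assume `SocksConnector` forwards the keyword to `TCPConnector`, which should be confirmed before changing that call too. The context built in the preceding hunk is also recreated, and the CA file re-parsed, on every call, so creating it once at module level next to `ca_path` would be cheaper if sessions are opened often. The function body starts outside this hunk.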