commit c09ac41b277e1d0c860b02f365c0f77bea449b81
parent 7a4270f5a4441c708556432a45f2b553129ae84e
Author: SomberNight <somber.night@protonmail.com>
Date: Thu, 13 Dec 2018 22:54:53 +0100
ssl: use certifi explicitly for aiohttp and electrum-server connections
fixes ssl issues on Android
Diffstat:
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/electrum/interface.py b/electrum/interface.py
@@ -33,6 +33,7 @@ from collections import defaultdict
import aiorpcx
from aiorpcx import RPCSession, Notification
+import requests
from .util import PrintError, ignore_exceptions, log_exceptions, bfh, SilentTaskGroup
from . import util
@@ -48,6 +49,9 @@ if TYPE_CHECKING:
from .network import Network
+ca_path = requests.certs.where()
+
+
class NotificationSession(RPCSession):
def __init__(self, *args, **kwargs):
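Review bot: The commit title says certifi is used explicitly, but `ca_path = requests.certs.where()` reaches it only through requests, so the trust anchors for server TLS depend on an HTTP library's re-export. If certifi is a declared dependency, `import certifi` and `ca_path = certifi.where()` would state that directly. The same assignment is repeated in electrum/util.py, and interface.py already imports from `.util`, so a single definition could be shared. A short comment above the constant would help, e.g. `# CA bundle shipped with certifi; used instead of the OS trust store`. The NotificationSession class continues outside this hunk.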
@@ -232,7 +236,7 @@ class Interface(PrintError):
return None
# see if we already have cert for this server; or get it for the first time
- ca_sslc = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+ ca_sslc = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_path)
if not self._is_saved_ssl_cert_available():
await self._try_saving_ssl_cert_for_first_time(ca_sslc)
# now we have a file saved in our certificate store
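Review bot: Passing `cafile=ca_path` makes `ssl.create_default_context` load only that bundle and skip `load_default_certs()`, so the OS trust store is no longer consulted on any platform, not just Android. The same applies to the context built in `make_aiohttp_session` in electrum/util.py. Locally installed CAs stop validating and root removals shipped by the OS no longer take effect; trust then follows whichever certifi version is bundled with the release. If that is intended, say so in a comment such as `# trust only the certifi bundle; the system store is unreliable on Android`. The enclosing method starts and ends outside this hunk.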
diff --git a/electrum/util.py b/electrum/util.py
@@ -40,10 +40,12 @@ import builtins
import json
import time
from typing import NamedTuple, Optional
+import ssl
import aiohttp
from aiohttp_socks import SocksConnector, SocksVer
from aiorpcx import TaskGroup
+import requests
from .i18n import _
@@ -57,6 +59,9 @@ def inv_dict(d):
return {v: k for k, v in d.items()}
+ca_path = requests.certs.where()
+
+
base_units = {'BTC':8, 'mBTC':5, 'bits':2, 'sat':0}
base_units_inverse = inv_dict(base_units)
base_units_list = ['BTC', 'mBTC', 'bits', 'sat'] # list(dict) does not guarantee order
@@ -919,6 +924,8 @@ def make_aiohttp_session(proxy: dict, headers=None, timeout=None):
headers = {'User-Agent': 'Electrum'}
if timeout is None:
timeout = aiohttp.ClientTimeout(total=10)
+ ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_path)
+
if proxy:
connector = SocksConnector(
socks_ver=SocksVer.SOCKS5 if proxy['mode'] == 'socks5' else SocksVer.SOCKS4,
@@ -926,11 +933,13 @@ def make_aiohttp_session(proxy: dict, headers=None, timeout=None):
port=int(proxy['port']),
username=proxy.get('user', None),
password=proxy.get('password', None),
- rdns=True
+ rdns=True,
+ ssl_context=ssl_context,
)
- return aiohttp.ClientSession(headers=headers, timeout=timeout, connector=connector)
else:
- return aiohttp.ClientSession(headers=headers, timeout=timeout)
+ connector = aiohttp.TCPConnector(ssl_context=ssl_context)
+
+ return aiohttp.ClientSession(headers=headers, timeout=timeout, connector=connector)
class SilentTaskGroup(TaskGroup):
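Review bot: The `ssl_context=` keyword on `aiohttp.TCPConnector` has been deprecated since aiohttp 3.0 in favour of `ssl=`, so the new `connector = aiohttp.TCPConnector(ssl_context=ssl_context)` line relies on an argument that is scheduled for removal. `connector = aiohttp.TCPConnector(ssl=ssl_context)` is the supported spelling. `SocksConnector` presumably forwards its keyword arguments to `TCPConnector`, so `ssl=ssl_context` should work there as well, but confirm that against the aiohttp_socks version in use. The start of make_aiohttp_session is outside this hunk.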