interface.is_server_ca_signed: don't rely on assert

6 years ago · 0bf0b1d20b
1 changed files with 11 additions and 4 deletions
--- a/electrum/interface.py
+++ b/electrum/interface.py
@ -217,12 +217,19 @@ class Interface(PrintError):
        else:
            self.proxy = None

-    async def is_server_ca_signed(self, sslc):
+    async def is_server_ca_signed(self, ca_ssl_context):
+        """Given a CA enforcing SSL context, returns True if the connection
+        can be established. Returns False if the server has a self-signed
+        certificate but otherwise is okay. Any other failures raise.
+        """
        try:
-            await self.open_session(sslc, exit_early=True)
+            await self.open_session(ca_ssl_context, exit_early=True)
        except ssl.SSLError as e:
-            assert e.reason == 'CERTIFICATE_VERIFY_FAILED'
-            return False
+            if e.reason == 'CERTIFICATE_VERIFY_FAILED':
+                # failures due to self-signed certs are normal
+                return False
+            # e.g. too weak crypto
+            raise
        return True

    async def _try_saving_ssl_cert_for_first_time(self, ca_ssl_context):