From 012ce1c1bb6fad43e55ab18e92f85ec7514e96e6 Mon Sep 17 00:00:00 2001
From: ThomasV
Date: Thu, 10 Aug 2023 17:24:23 +0200
Subject: [PATCH] Remove SSL options from config. This is out of scope for Electrum; HTTP services that require SSL should be exposed to the world through a reverse proxy.
---
 electrum/daemon.py | 2 +-
 electrum/plugins/payserver/payserver.py | 6 ++----
 electrum/plugins/swapserver/server.py | 2 +-
 electrum/simple_config.py | 19 -------------------
 4 files changed, 4 insertions(+), 25 deletions(-)
diff --git a/electrum/daemon.py b/electrum/daemon.py
index ff9a7a2fd..becf9d441 100644
--- a/electrum/daemon.py
+++ b/electrum/daemon.py
@@ -373,7 +373,7 @@ class WatchTowerServer(AuthenticatedServer):
 async def run(self):
 self.runner = web.AppRunner(self.app)
 await self.runner.setup()
- site = web.TCPSite(self.runner, host=str(self.addr.host), port=self.addr.port, ssl_context=self.config.get_ssl_context())
+ site = web.TCPSite(self.runner, host=str(self.addr.host), port=self.addr.port)
 await site.start()
 self.logger.info(f"now running and listening. addr={self.addr}")
diff --git a/electrum/plugins/payserver/payserver.py b/electrum/plugins/payserver/payserver.py
index cfdd6ce42..b2d4c5e00 100644
--- a/electrum/plugins/payserver/payserver.py
+++ b/electrum/plugins/payserver/payserver.py
@@ -94,9 +94,7 @@ class PayServer(Logger, EventListener):
 def base_url(self):
 payserver = self.config.PAYSERVER_ADDRESS
 payserver = NetAddress.from_string(payserver)
- use_ssl = bool(self.config.SSL_KEYFILE_PATH)
- protocol = 'https' if use_ssl else 'http'
- return '%s://%s:%d'%(protocol, payserver.host, payserver.port)
+ return 'http://%s:%d'%(payserver.host, payserver.port)
 @property
 def root(self):
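Review bot: In `WatchTowerServer.run` (electrum/daemon.py) the listener now always speaks plain HTTP, and nothing in the visible hunks tells an operator who still has `ssl_certfile`/`ssl_keyfile` set that those keys are ignored from this commit on, so an existing TLS deployment would silently downgrade on upgrade. Because the class derives from `AuthenticatedServer`, whatever credentials it checks would presumably travel in cleartext whenever `self.addr.host` is not a loopback address. I would log it at startup, e.g. `self.logger.warning("serving plain HTTP; terminate TLS in a reverse proxy and bind to localhost")` before `await site.start()`, and call out the removed keys in the release notes. The same applies to the `web.TCPSite(...)` calls in electrum/plugins/payserver/payserver.py and electrum/plugins/swapserver/server.py. Only part of each class is visible in these hunks, so a check elsewhere may already cover this.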
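Review bot: `base_url` in electrum/plugins/payserver/payserver.py now hard-codes `http://` plus the listening host and port, which is the internal bind address rather than what a client reaches once the server sits behind the TLS-terminating reverse proxy the commit message calls for. If this value ends up in links handed to payers (the callers are outside the hunk, so this is inferred), those links would point at cleartext HTTP on the backend port. At minimum document it with `# NOTE: local plain-HTTP bind address, not the public URL served by the reverse proxy`, and consider building externally visible links from a separately configured public URL instead.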
@@ -123,7 +121,7 @@ class PayServer(Logger, EventListener):
 app.add_routes([web.post('/api/create_invoice', self.create_request)])
 runner = web.AppRunner(app)
 await runner.setup()
- site = web.TCPSite(runner, host=str(self.addr.host), port=self.addr.port, ssl_context=self.config.get_ssl_context())
+ site = web.TCPSite(runner, host=str(self.addr.host), port=self.addr.port)
 await site.start()
 self.logger.info(f"now running and listening. addr={self.addr}")
diff --git a/electrum/plugins/swapserver/server.py b/electrum/plugins/swapserver/server.py
index 0e22c2588..36654453f 100644
--- a/electrum/plugins/swapserver/server.py
+++ b/electrum/plugins/swapserver/server.py
@@ -41,7 +41,7 @@ class SwapServer(Logger, EventListener):
 runner = web.AppRunner(app)
 await runner.setup()
- site = web.TCPSite(runner, host=str(self.addr.host), port=self.addr.port, ssl_context=self.config.get_ssl_context())
+ site = web.TCPSite(runner, host=str(self.addr.host), port=self.addr.port)
 await site.start()
 self.logger.info(f"now running and listening. addr={self.addr}")
diff --git a/electrum/simple_config.py b/electrum/simple_config.py
index 753bf388b..21e0e3710 100644
--- a/electrum/simple_config.py
+++ b/electrum/simple_config.py
@@ -3,7 +3,6 @@ import threading
 import time
 import os
 import stat
-import ssl
 from decimal import Decimal
 from typing import Union, Optional, Dict, Sequence, Tuple, Any, Set
 from numbers import Real
@@ -757,22 +756,6 @@ class SimpleConfig(Logger):
 device = ''
 return device
- def get_ssl_context(self):
- ssl_keyfile = self.SSL_KEYFILE_PATH
- ssl_certfile = self.SSL_CERTFILE_PATH
- if ssl_keyfile and ssl_certfile:
- ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
- ssl_context.load_cert_chain(ssl_certfile, ssl_keyfile)
- return ssl_context
-
- def get_ssl_domain(self):
- from .paymentrequest import check_ssl_config
- if self.SSL_KEYFILE_PATH and self.SSL_CERTFILE_PATH:
- SSL_identity = check_ssl_config(self)
- else:
- SSL_identity = None
- return SSL_identity
-
 def get_netaddress(self, key: Union[str, ConfigVar, ConfigVarWithConfig]) -> Optional[NetAddress]:
 if isinstance(key, (ConfigVar, ConfigVarWithConfig)):
 key = key.key()
@@ -965,8 +948,6 @@ class SimpleConfig(Logger):
 WIZARD_DONT_CREATE_SEGWIT = ConfigVar('nosegwit', default=False, type_=bool)
 CONFIG_FORGET_CHANGES = ConfigVar('forget_config', default=False, type_=bool)
- SSL_CERTFILE_PATH = ConfigVar('ssl_certfile', default='', type_=str)
- SSL_KEYFILE_PATH = ConfigVar('ssl_keyfile', default='', type_=str)
 # submarine swap server
 SWAPSERVER_URL = ConfigVar('swapserver_url', default='', type_=str)
 TEST_SWAPSERVER_REFUND = ConfigVar('test_swapserver_refund', default=False, type_=bool)