Remove SSL options from config.

This is out of scope for Electrum; HTTP services that require SSL
should be exposed to the world through a reverse proxy.

electrum/daemon.py

@@ -373,7 +373,7 @@ class WatchTowerServer(AuthenticatedServer):
     async def run(self):
         self.runner = web.AppRunner(self.app)
         await self.runner.setup()
-        site = web.TCPSite(self.runner, host=str(self.addr.host), port=self.addr.port, ssl_context=self.config.get_ssl_context())
+        site = web.TCPSite(self.runner, host=str(self.addr.host), port=self.addr.port)
         await site.start()
         self.logger.info(f"now running and listening. addr={self.addr}")
 

electrum/plugins/payserver/payserver.py

@@ -94,9 +94,7 @@ class PayServer(Logger, EventListener):
     def base_url(self):
         payserver = self.config.PAYSERVER_ADDRESS
         payserver = NetAddress.from_string(payserver)
-        use_ssl = bool(self.config.SSL_KEYFILE_PATH)
+        return 'http://%s:%d'%(payserver.host, payserver.port)
-        protocol = 'https' if use_ssl else 'http'
-        return '%s://%s:%d'%(protocol, payserver.host, payserver.port)
 
     @property
     def root(self):
@@ -123,7 +121,7 @@ class PayServer(Logger, EventListener):
             app.add_routes([web.post('/api/create_invoice', self.create_request)])
         runner = web.AppRunner(app)
         await runner.setup()
-        site = web.TCPSite(runner, host=str(self.addr.host), port=self.addr.port, ssl_context=self.config.get_ssl_context())
+        site = web.TCPSite(runner, host=str(self.addr.host), port=self.addr.port)
         await site.start()
         self.logger.info(f"now running and listening. addr={self.addr}")
 

electrum/plugins/swapserver/server.py

@@ -41,7 +41,7 @@ class SwapServer(Logger, EventListener):
 
         runner = web.AppRunner(app)
         await runner.setup()
-        site = web.TCPSite(runner, host=str(self.addr.host), port=self.addr.port, ssl_context=self.config.get_ssl_context())
+        site = web.TCPSite(runner, host=str(self.addr.host), port=self.addr.port)
         await site.start()
         self.logger.info(f"now running and listening. addr={self.addr}")
 

electrum/simple_config.py

@@ -3,7 +3,6 @@ import threading
 import time
 import os
 import stat
-import ssl
 from decimal import Decimal
 from typing import Union, Optional, Dict, Sequence, Tuple, Any, Set
 from numbers import Real
@@ -757,22 +756,6 @@ class SimpleConfig(Logger):
             device = ''
         return device
 
-    def get_ssl_context(self):
-        ssl_keyfile = self.SSL_KEYFILE_PATH
-        ssl_certfile = self.SSL_CERTFILE_PATH
-        if ssl_keyfile and ssl_certfile:
-            ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-            ssl_context.load_cert_chain(ssl_certfile, ssl_keyfile)
-            return ssl_context
-
-    def get_ssl_domain(self):
-        from .paymentrequest import check_ssl_config
-        if self.SSL_KEYFILE_PATH and self.SSL_CERTFILE_PATH:
-            SSL_identity = check_ssl_config(self)
-        else:
-            SSL_identity = None
-        return SSL_identity
-
     def get_netaddress(self, key: Union[str, ConfigVar, ConfigVarWithConfig]) -> Optional[NetAddress]:
         if isinstance(key, (ConfigVar, ConfigVarWithConfig)):
             key = key.key()
@@ -965,8 +948,6 @@ class SimpleConfig(Logger):
     WIZARD_DONT_CREATE_SEGWIT = ConfigVar('nosegwit', default=False, type_=bool)
     CONFIG_FORGET_CHANGES = ConfigVar('forget_config', default=False, type_=bool)
 
-    SSL_CERTFILE_PATH = ConfigVar('ssl_certfile', default='', type_=str)
-    SSL_KEYFILE_PATH = ConfigVar('ssl_keyfile', default='', type_=str)
     # submarine swap server
     SWAPSERVER_URL = ConfigVar('swapserver_url', default='', type_=str)
     TEST_SWAPSERVER_REFUND = ConfigVar('test_swapserver_refund', default=False, type_=bool)