From 0bf0b1d20be25bf77a553d644a651f04bc2dd783 Mon Sep 17 00:00:00 2001
From: SomberNight
Date: Mon, 18 Feb 2019 18:00:54 +0100
Subject: [PATCH] interface.is_server_ca_signed: don't rely on assert
---
 electrum/interface.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/electrum/interface.py b/electrum/interface.py
index 8ac90adb6..749928d7a 100644
--- a/electrum/interface.py
+++ b/electrum/interface.py
@@ -217,12 +217,19 @@ class Interface(PrintError):
 else:
 self.proxy = None
- async def is_server_ca_signed(self, sslc):
+ async def is_server_ca_signed(self, ca_ssl_context):
+ """Given a CA enforcing SSL context, returns True if the connection
+ can be established. Returns False if the server has a self-signed
+ certificate but otherwise is okay. Any other failures raise.
+ """
 try:
- await self.open_session(sslc, exit_early=True)
+ await self.open_session(ca_ssl_context, exit_early=True)
 except ssl.SSLError as e:
- assert e.reason == 'CERTIFICATE_VERIFY_FAILED'
- return False
+ if e.reason == 'CERTIFICATE_VERIFY_FAILED':
+ # failures due to self-signed certs are normal
+ return False
+ # e.g. too weak crypto
+ raise
 return True
 async def _try_saving_ssl_cert_for_first_time(self, ca_ssl_context):
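Review bot: The `e.reason == 'CERTIFICATE_VERIFY_FAILED'` branch returns False for every certificate verification failure, not only self-signed certificates, so the new docstring and the comment `# failures due to self-signed certs are normal` claim more than the code checks. An expired or untrusted-chain certificate takes the same path, and on Python 3.7+ so does a hostname mismatch (reported as `ssl.SSLCertVerificationError` with the same reason); that path presumably ends in the save-on-first-use handling of `_try_saving_ssl_cert_for_first_time` just below the hunk. Either reword the docstring to `Returns False if certificate verification fails (e.g. self-signed certificate)`, or narrow the branch where the attribute exists with `getattr(e, 'verify_code', None)` and log the verify message so the cases can be told apart. The callers are outside the hunk, so how the False result is consumed is inferred.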