interface.is_server_ca_signed: don't rely on assert

electrum/interface.py

@@ -217,12 +217,19 @@ class Interface(PrintError):
         else:
             self.proxy = None
 
-    async def is_server_ca_signed(self, sslc):
+    async def is_server_ca_signed(self, ca_ssl_context):
+        """Given a CA enforcing SSL context, returns True if the connection
+        can be established. Returns False if the server has a self-signed
+        certificate but otherwise is okay. Any other failures raise.
+        """
         try:
-            await self.open_session(sslc, exit_early=True)
+            await self.open_session(ca_ssl_context, exit_early=True)
         except ssl.SSLError as e:
-            assert e.reason == 'CERTIFICATE_VERIFY_FAILED'
+            if e.reason == 'CERTIFICATE_VERIFY_FAILED':
+                # failures due to self-signed certs are normal
                 return False
+            # e.g. too weak crypto
+            raise
         return True
 
     async def _try_saving_ssl_cert_for_first_time(self, ca_ssl_context):