remote watchtower: enforce that SSL is used, on the client-side

2020-06-24 16:45:40 +02:00
parent 45c759873c
commit 662d0d92bd
3 changed files with 37 additions and 2 deletions
--- a/electrum/util.py
+++ b/electrum/util.py
@@ -42,6 +42,7 @@ import time
 from typing import NamedTuple, Optional
 import ssl
 import ipaddress
+from ipaddress import IPv4Address, IPv6Address
 import random
 import attr

@@ -1238,6 +1239,19 @@ def is_ip_address(x: Union[str, bytes]) -> bool:
        return False


+def is_private_netaddress(host: str) -> bool:
+    if str(host) in ('localhost', 'localhost.',):
+        return True
+    if host[0] == '[' and host[-1] == ']':  # IPv6
+        host = host[1:-1]
+    try:
+        ip_addr = ipaddress.ip_address(host)  # type: Union[IPv4Address, IPv6Address]
+        return ip_addr.is_private
+    except ValueError:
+        pass  # not an IP
+    return False
+
+
 def list_enabled_bits(x: int) -> Sequence[int]:
    """e.g. 77 (0b1001101) --> (0, 2, 3, 6)"""
    binary = bin(x)[2:]