From dd2c7b350a8ef4d301d5c64ab1b8dff017a00857 Mon Sep 17 00:00:00 2001 From: Omer Yacine Date: Sat, 13 Apr 2024 15:58:43 +0200 Subject: [PATCH] accept only domain names (no ips) for ssl enabled electrum servers looks like using IP with ssl encryption isn't a common practice [1], also tls connector from tokio-rustls explicilty calls the ServerName argument in `connect` method `domain`, so lets stick with that. https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name --- mm2src/coins/utxo/rpc_clients.rs | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/mm2src/coins/utxo/rpc_clients.rs b/mm2src/coins/utxo/rpc_clients.rs index b6752f382d..954b88c52f 100644 --- a/mm2src/coins/utxo/rpc_clients.rs +++ b/mm2src/coins/utxo/rpc_clients.rs @@ -1466,6 +1466,14 @@ fn addr_to_socket_addr(input: &str) -> Result { } } +#[cfg(not(target_arch = "wasm32"))] +fn server_name_from_domain(dns_name: &str) -> Result { + match ServerName::try_from(dns_name) { + Ok(dns_name) if matches!(dns_name, ServerName::DnsName(_)) => Ok(dns_name), + _ => ERR!("Couldn't parse DNS name from '{}'", dns_name), + } +} + /// Attempts to process the request (parse url, etc), build up the config and create new electrum connection /// The function takes `abortable_system` that will be used to spawn Electrum's related futures. #[cfg(not(target_arch = "wasm32"))] @@ -1483,7 +1491,7 @@ pub fn spawn_electrum( .host() .ok_or(ERRL!("Couldn't retrieve host from addr {}", req.url))?; - try_s!(ServerName::try_from(host)); + try_s!(server_name_from_domain(host)); ElectrumConfig::SSL { dns_name: host.into(), @@ -2769,7 +2777,7 @@ async fn connect_loop( TlsConnector::from(SAFE_TLS_CONFIG.clone()) }; // The address should always be correct since we checked it beforehand in initializaiton. - let dns = ServerName::try_from(dns_name.as_str()).map_err(|e| { + let dns = server_name_from_domain(dns_name.as_str()).map_err(|e| { error!("{:?} error {:?}", addr, e); })?;