diff --git a/.env.example b/.env.example index 0e420dd1..80c320cf 100644 --- a/.env.example +++ b/.env.example @@ -69,6 +69,7 @@ MINT_LNBITS_KEY=yourkeyasdasdasd MINT_LND_REST_ENDPOINT=https://127.0.0.1:8086 MINT_LND_REST_CERT="/home/lnd/.lnd/tls.cert" MINT_LND_REST_MACAROON="/home/lnd/.lnd/data/chain/bitcoin/regtest/admin.macaroon" +MINT_LND_REST_CERT_VERIFY=False # Use with CoreLightningRestWallet MINT_CORELIGHTNING_REST_URL=https://localhost:3001 diff --git a/cashu/core/settings.py b/cashu/core/settings.py index d010a76f..00a96706 100644 --- a/cashu/core/settings.py +++ b/cashu/core/settings.py @@ -168,6 +168,7 @@ class WalletSettings(CashuSettings): class LndRestFundingSource(MintSettings): mint_lnd_rest_endpoint: Optional[str] = Field(default=None) mint_lnd_rest_cert: Optional[str] = Field(default=None) + mint_lnd_rest_cert_verify: bool = Field(default=True) mint_lnd_rest_macaroon: Optional[str] = Field(default=None) mint_lnd_rest_admin_macaroon: Optional[str] = Field(default=None) mint_lnd_rest_invoice_macaroon: Optional[str] = Field(default=None) diff --git a/cashu/lightning/lndrest.py b/cashu/lightning/lndrest.py index 3c2e75ad..19151c82 100644 --- a/cashu/lightning/lndrest.py +++ b/cashu/lightning/lndrest.py @@ -35,6 +35,7 @@ def __init__(self, unit: Unit = Unit.sat, **kwargs): self.unit = unit endpoint = settings.mint_lnd_rest_endpoint cert = settings.mint_lnd_rest_cert + cert_verify = settings.mint_lnd_rest_cert_verify macaroon = ( settings.mint_lnd_rest_macaroon @@ -54,6 +55,12 @@ def __init__(self, unit: Unit = Unit.sat, **kwargs): " publicly issued certificate" ) + if not cert_verify: + logger.warning( + "certificate validation will be disabled for lndrest" + ) + + endpoint = endpoint[:-1] if endpoint.endswith("/") else endpoint endpoint = ( f"https://{endpoint}" if not endpoint.startswith("http") else endpoint @@ -66,6 +73,11 @@ def __init__(self, unit: Unit = Unit.sat, **kwargs): # even on startup self.cert = cert or True + # disable cert verify if choosen + if not cert_verify: + self.cert = False + + self.auth = {"Grpc-Metadata-macaroon": self.macaroon} self.client = httpx.AsyncClient( base_url=self.endpoint, headers=self.auth, verify=self.cert