Merge pull request #72

832927e First iteration of instructions on how to set up an HTTPS JSON-RPC connection (Pierre Rochard)
6ab33df Adding SSLContext to replace the deprecated key_file and cert_file arguments in HTTPSConnection (Pierre Rochard)

Author: petertodd

bitcoin/rpc.py

@@ -13,6 +13,7 @@
 """Bitcoin Core RPC support"""
 
 from __future__ import absolute_import, division, print_function, unicode_literals
+import ssl
 
 try:
     import http.client as httplib
@@ -100,6 +101,22 @@ def __init__(self, service_url=None,
                 else:
                     raise ValueError('Unknown rpcssl value %r' % conf['rpcssl'])
 
+                if conf['rpcssl'] and 'rpcsslcertificatechainfile' in conf and 'rpcsslprivatekeyfile' in conf:
+                    self.__ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+                    if os.path.exists(conf['rpcsslcertificatechainfile']):
+                        certificate = conf['rpcsslcertificatechainfile']
+                    elif os.path.exists(os.path.join(os.path.dirname(btc_conf_file), conf['rpcsslcertificatechainfile'])):
+                        certificate = os.path.join(os.path.dirname(btc_conf_file), conf['rpcsslcertificatechainfile'])
+                    else:
+                        raise ValueError('The value of rpcsslcertificatechainfile is not correctly specified in the configuration file: %s' % btc_conf_file)
+                    if os.path.exists(conf['rpcsslprivatekeyfile']):
+                        private_key = conf['rpcsslprivatekeyfile']
+                    elif os.path.exists(os.path.join(os.path.dirname(btc_conf_file), conf['rpcsslprivatekeyfile'])):
+                        private_key = os.path.join(os.path.dirname(btc_conf_file), conf['rpcsslprivatekeyfile'])
+                    else:
+                        raise ValueError('The value of rpcsslprivatekeyfile is not correctly specified in the configuration file: %s' % btc_conf_file)
+                    self.__ssl_context.load_cert_chain(certificate, private_key)
+
                 if 'rpcpassword' not in conf:
                     raise ValueError('The value of rpcpassword not specified in the configuration file: %s' % btc_conf_file)
 
@@ -128,7 +145,7 @@ def __init__(self, service_url=None,
 
         if self.__url.scheme == 'https':
             self.__conn = httplib.HTTPSConnection(self.__url.hostname, port=port,
-                                                  key_file=None, cert_file=None,
+                                                  context=self.__ssl_context,
                                                   timeout=timeout)
         else:
             self.__conn = httplib.HTTPConnection(self.__url.hostname, port=port,

examples/ssl-rpc-connection.py

@@ -0,0 +1,37 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2014 The python-bitcoinlib developers
+#
+# This file is part of python-bitcoinlib.
+#
+# It is subject to the license terms in the LICENSE file found in the top-level
+# directory of this distribution.
+#
+# No part of python-bitcoinlib, including this file, may be copied, modified,
+# propagated, or distributed except according to the terms contained in the
+# LICENSE file.
+
+
+## Instructions
+
+# This sets up SSL on a localhost connection. Not terribly useful but it will be iterated on.
+
+#  Linux: cd ~/.bitcoin
+#  Mac: cd ~/Library/Application\ Support/Bitcoin/
+#  openssl genrsa -out server.pem 2048
+#  openssl req -new -x509 -nodes -sha256 -days 3650 -key server.pem > server.cert
+#  The prompts are optional, you can just hit enter
+
+# Verify that your bitcoin.conf exists in the above directory and contains the following lines:
+# server=1
+# rpcssl=1
+# rpcuser=CHANGETHIS
+# rpcpassword=CHANGETHAT
+# rpcsslciphers=TLSv1_2
+# rpcsslprivatekeyfile=server.pem
+# rpcsslcertificatechainfile=server.cert
+
+import bitcoin.rpc
+
+proxy_connection = bitcoin.rpc.Proxy()
+print(proxy_connection.getnewaddress())