From adae3b4302756f3d75498f8fb05658a9a565aa9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?dni=20=E2=9A=A1?= <office@dnilabs.com>
Date: Wed, 19 Apr 2023 09:57:19 +0200
Subject: [PATCH] optional ssl certifiace for lndrest

---
 lnbits/wallets/lndrest.py | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/lnbits/wallets/lndrest.py b/lnbits/wallets/lndrest.py
index de8aa1dd2..f1921192a 100644
--- a/lnbits/wallets/lndrest.py
+++ b/lnbits/wallets/lndrest.py
@@ -24,6 +24,7 @@ class LndRestWallet(Wallet):
 
     def __init__(self):
         endpoint = settings.lnd_rest_endpoint
+        cert = settings.lnd_rest_cert
 
         macaroon = (
             settings.lnd_rest_macaroon
@@ -39,8 +40,16 @@ class LndRestWallet(Wallet):
                 encrypted_macaroon
             )
 
-        if not endpoint or not macaroon or not settings.lnd_rest_cert:
-            raise Exception("cannot initialize lndrest")
+        if not endpoint:
+            raise Exception("cannot initialize lndrest: no endpoint")
+
+        if not macaroon:
+            raise Exception("cannot initialize lndrest: no macaroon")
+
+        if not cert:
+            logger.warning(
+                "no certificate for lndrest provided, this only works if you have a publicly issued certificate"
+            )
 
         endpoint = endpoint[:-1] if endpoint.endswith("/") else endpoint
         endpoint = (
@@ -49,8 +58,12 @@ class LndRestWallet(Wallet):
         self.endpoint = endpoint
         self.macaroon = load_macaroon(macaroon)
 
+        # if no cert provided it should be public so we set verify to True
+        # and it will still check for validity of certificate and fail if its not valid
+        # even on startup
+        self.cert = cert or True
+
         self.auth = {"Grpc-Metadata-macaroon": self.macaroon}
-        self.cert = settings.lnd_rest_cert
 
     async def status(self) -> StatusResponse:
         try: