always add common name as subjectAltName

author: Maximilian Hils <git@maximilianhils.com> 2016-02-04 18:16:23 +0100
committer: Maximilian Hils <git@maximilianhils.com> 2016-02-04 18:16:23 +0100
commit: 375dbe070383caa79d9593a6d7a6b33eb0eb7a4a (patch)
tree: 9bbac4f6606c4f722814a737a70c2388f95011c1
parent: 023026e032f7f78a53a598eb7bd130d1b14930d2 (diff)
download: mitmproxy-375dbe070383caa79d9593a6d7a6b33eb0eb7a4a.tar.gz
mitmproxy-375dbe070383caa79d9593a6d7a6b33eb0eb7a4a.tar.bz2
mitmproxy-375dbe070383caa79d9593a6d7a6b33eb0eb7a4a.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/libmproxy/protocol/tls.py b/libmproxy/protocol/tls.py
index ccae1661..986eb964 100644
--- a/libmproxy/protocol/tls.py
+++ b/libmproxy/protocol/tls.py
@@ -560,5 +560,7 @@ class TlsLayer(Layer):
         if self._sni_from_server_change:
             sans.add(self._sni_from_server_change)
 
-        sans.discard(host)
+        # Some applications don't consider the CN and expect the hostname to be in the SANs.
+        # For example, Thunderbird 38 will display a warning if the remote host is only the CN.
+        sans.add(host)
         return self.config.certstore.get_cert(host, list(sans))
author	Maximilian Hils <git@maximilianhils.com>	2016-02-04 18:16:23 +0100
committer	Maximilian Hils <git@maximilianhils.com>	2016-02-04 18:16:23 +0100
commit	375dbe070383caa79d9593a6d7a6b33eb0eb7a4a (patch)
tree	9bbac4f6606c4f722814a737a70c2388f95011c1
parent	023026e032f7f78a53a598eb7bd130d1b14930d2 (diff)
download	mitmproxy-375dbe070383caa79d9593a6d7a6b33eb0eb7a4a.tar.gz mitmproxy-375dbe070383caa79d9593a6d7a6b33eb0eb7a4a.tar.bz2 mitmproxy-375dbe070383caa79d9593a6d7a6b33eb0eb7a4a.zip