author | Maximilian Hils <git@maximilianhils.com> | 2015-09-18 15:35:02 +0200 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2015-09-18 15:35:02 +0200 |
commit | 7b6b15754754b45552d0872d36f3f30f5fa1a783 (patch) | |
tree | 7a7ac4053744e744457fc18009e1297db2e4aafd /netlib | |
parent | f2c87cff8adc8099ef8c3a85adf314e303c475b7 (diff) | |
properly handle SNI IPs
fixes mitmproxy/mitmproxy#772
We must use the ipaddress package here, because that's what cryptography
uses. If we opt for something else, we have nasty namespace conflicts.
Diffstat (limited to 'netlib')
-rw-r--r-- | netlib/certutils.py | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/netlib/certutils.py b/netlib/certutils.py
index cc143a50..c3b795ac 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -4,6 +4,7 @@ import ssl
 import time
 import datetime
 import itertools
+import ipaddress
 from pyasn1.type import univ, constraint, char, namedtype, tag
 from pyasn1.codec.der.decoder import decode
 from pyasn1.error import PyAsn1Error
@@ -85,8 +86,13 @@ def dummy_cert(privkey, cacert, commonname, sans):
 """
 ss = []
 for i in sans:
- ss.append("DNS: %s" % i)
- ss = ", ".join(ss)
+ try:
+ ipaddress.ip_address(i.decode("ascii"))
+ except ValueError:
+ ss.append(b"DNS: %s" % i)
+ else:
+ ss.append(b"IP: %s" % i)
+ ss = b", ".join(ss)
 cert = OpenSSL.crypto.X509()
 cert.gmtime_adj_notBefore(-3600 * 48)
@@ -335,6 +341,7 @@ class CertStore(object):
 class _GeneralName(univ.Choice):
 # We are only interested in dNSNames. We use a default handler to ignore
 # other types.
+ # TODO: We should also handle iPAddresses.
 componentType = namedtype.NamedTypes(
 namedtype.NamedType('dNSName', char.IA5String().subtype(
 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2) |
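Review bot: In the `dummy_cert` hunk each SAN is interpolated unvalidated into `b"DNS: %s"` or `b"IP: %s"` and the entries are then joined with `b", "`, so a name that itself contains a comma or a type prefix cannot be told apart from several entries once joined. If `sans` can carry peer-supplied values (the commit title mentions SNI) and `ss` feeds the subjectAltName extension further down, which is outside this hunk, the generated certificate could cover names the caller never intended. The DNS branch should reject such input before appending, for example `if b"," in i or b":" in i: raise ValueError("invalid SAN: %r" % i)`. The body of `dummy_cert` starts and ends outside the hunk, so the right way to report the error should be confirmed against its callers.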