From e0bc1109c0e2b726436d3a7426f658fbdcffe136 Mon Sep 17 00:00:00 2001
From: Thomas Kriechbaumer <thomas@kriechbaumer.name>
Date: Sun, 26 Feb 2017 20:34:46 +0100
Subject: do not return IP addresses in SSLCert.altnames

---
 mitmproxy/certs.py           | 3 ++-
 test/mitmproxy/test_certs.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py
index 7b5c833b..6485eed7 100644
--- a/mitmproxy/certs.py
+++ b/mitmproxy/certs.py
@@ -478,7 +478,8 @@ class SSLCert(serializable.Serializable):
                     continue
                 for i in dec[0]:
                     if i[0] is None and isinstance(i[1], univ.OctetString) and not isinstance(i[1], char.IA5String):
-                        e = b'.'.join([str(e).encode() for e in i[1].asNumbers()])
+                        # This would give back the IP address: b'.'.join([str(e).encode() for e in i[1].asNumbers()])
+                        continue
                     else:
                         e = i[0].asOctets()
                     altnames.append(e)
diff --git a/test/mitmproxy/test_certs.py b/test/mitmproxy/test_certs.py
index ab2adce8..9bd3ad25 100644
--- a/test/mitmproxy/test_certs.py
+++ b/test/mitmproxy/test_certs.py
@@ -136,7 +136,7 @@ class TestDummyCert:
                 [b"one.com", b"two.com", b"*.three.com", b"127.0.0.1"]
             )
             assert r.cn == b"foo.com"
-            assert r.altnames == [b'one.com', b'two.com', b'*.three.com', b'127.0.0.1']
+            assert r.altnames == [b'one.com', b'two.com', b'*.three.com']
 
             r = certs.dummy_cert(
                 ca.default_privatekey,
-- 
cgit v1.2.3