ignore missing CN in certificates. fixes #169

2025-01-30 23:09:44 +00:00 · 2013-12-12 03:24:17 +01:00 · 2013-12-12 03:24:17 +01:00 · 7db1430ee7
commit 7db1430ee7
parent 28a234e28b
3 changed files with 29 additions and 1 deletions
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@ -312,7 +312,8 @@ class ProxyHandler(tcp.BaseHandler):
            if not self.config.no_upstream_cert:
                conn = self.get_server_connection(cc, "https", host, port, sni)
                sans = conn.cert.altnames
-                host = conn.cert.cn.decode("utf8").encode("idna")
+                if conn.cert.cn:
+                    host = conn.cert.cn.decode("utf8").encode("idna")
            ret = self.config.certstore.get_cert(host, sans, self.config.cacert)
            if not ret:
                raise ProxyError(502, "Unable to generate dummy cert.")
--- a/test/data/no_common_name.pem
+++ b/test/data/no_common_name.pem
@ -0,0 +1,20 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAKVJ43C+8SjOvN9/pP/8HwzmHGQmRvdK/R6KlWdr7He6iiXDQNfH
+RAp+gqX0hBRT80eRjGhSmTTBLCWiXVny4UUCAwEAAQJAUQ8nZ0d85VJd9g2XUaLH
+Z4ACNGtBKk2wTKYSFyIqWZxsF5qhh7HGshJIAP6tYiX8ZW+mMSfme+zsJzWe8ChL
+gQIhAM8QpAgUHnNteZvkv0XqceX1GILEWifMt+hO9yTp4dY5AiEAzFnKr77CKCri
+/DPig4R/5q4KMpMx9EqJufHdGNmIA20CICMARxnufK86RCIr6oEg/hvG8Fu6YRr1
+Kekk3/XnavtRAiBVLVQ7vwKE5aNpRmMzOKZrS736aLpYvjz8IaFr+zgjXQIgdad5
+QZoTD49NTyMEgyZp70gTXcXQLrX2PgQKL4uNmoU=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIBgTCCASugAwIBAgIJAKlcXsPLQAQuMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
+BAYTAkFVMB4XDTEzMTIxMjAxMzA1NVoXDTE0MDExMTAxMzA1NVowDTELMAkGA1UE
+BhMCQVUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApUnjcL7xKM6833+k//wfDOYc
+ZCZG90r9HoqVZ2vsd7qKJcNA18dECn6CpfSEFFPzR5GMaFKZNMEsJaJdWfLhRQID
+AQABo24wbDAdBgNVHQ4EFgQUJm8BXcVRsROy0PVt5stkB3eVnEgwPQYDVR0jBDYw
+NIAUJm8BXcVRsROy0PVt5stkB3eVnEihEaQPMA0xCzAJBgNVBAYTAkFVggkAqVxe
+w8tABC4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAHHxcBEpWrIqtLVH
+m6Yn1hgqrAbfMj9IK6zY9C5Cbad/DfUj3AZMb5u758WJK0x9brmckgqdrQsuf9He
+Ef51/SU=
+-----END CERTIFICATE-----
--- a/test/test_server.py
+++ b/test/test_server.py
@ -197,6 +197,13 @@ class TestHTTPSCertfile(tservers.HTTPProxTest, CommonMixin):
    def test_certfile(self):
        assert self.pathod("304")

+class TestHTTPSNoCommonName(tservers.HTTPProxTest, CommonMixin):
+    """
+    Test what happens if we get a cert without common name back.
+    """
+    ssl = True
+    ssloptions=pathod.SSLOptions(certfile=tutils.test_data.path("data/no_common_name.pem"),
+                                 keyfile=tutils.test_data.path("data/no_common_name.pem"))

 class TestReverse(tservers.ReverseProxTest, CommonMixin):
    reverse = True