From 7db1430ee7be2867f0545a085f5a48333c1d833b Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Thu, 12 Dec 2013 03:24:17 +0100
Subject: [PATCH] ignore missing CN in certificates. fixes #169
---
 libmproxy/proxy.py | 3 ++-
 test/data/no_common_name.pem | 20 ++++++++++++++++++++
 test/test_server.py | 7 +++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 test/data/no_common_name.pem
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index e8d98d160..73b7f0a32 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -312,7 +312,8 @@ class ProxyHandler(tcp.BaseHandler):
 if not self.config.no_upstream_cert:
 conn = self.get_server_connection(cc, "https", host, port, sni)
 sans = conn.cert.altnames
- host = conn.cert.cn.decode("utf8").encode("idna")
+ if conn.cert.cn:
+ host = conn.cert.cn.decode("utf8").encode("idna")
 ret = self.config.certstore.get_cert(host, sans, self.config.cacert)
 if not ret:
 raise ProxyError(502, "Unable to generate dummy cert.")
diff --git a/test/data/no_common_name.pem b/test/data/no_common_name.pem
new file mode 100644
index 000000000..fc271a0e3
--- /dev/null
+++ b/test/data/no_common_name.pem
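Review bot: The conversion `conn.cert.cn.decode("utf8").encode("idna")` under the new `if conn.cert.cn:` guard in libmproxy/proxy.py can still raise on a certificate the upstream server controls. A CN that is not valid UTF-8 raises UnicodeDecodeError, and the idna codec raises UnicodeError for an empty label or one longer than 63 characters. Nothing visible in the hunk catches either, so a hostile or merely odd upstream cert could abort the handler instead of falling back to the client-requested name. I would wrap the assignment in `try:` / `except UnicodeError:` and leave `host` unchanged on failure, with a comment such as `# CN is server-controlled; fall back to the requested host if it is not a valid IDNA name`. The enclosing method starts and ends outside the hunk, so an outer handler may already exist.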
@@ -0,0 +1,20 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAKVJ43C+8SjOvN9/pP/8HwzmHGQmRvdK/R6KlWdr7He6iiXDQNfH
+RAp+gqX0hBRT80eRjGhSmTTBLCWiXVny4UUCAwEAAQJAUQ8nZ0d85VJd9g2XUaLH
+Z4ACNGtBKk2wTKYSFyIqWZxsF5qhh7HGshJIAP6tYiX8ZW+mMSfme+zsJzWe8ChL
+gQIhAM8QpAgUHnNteZvkv0XqceX1GILEWifMt+hO9yTp4dY5AiEAzFnKr77CKCri
+/DPig4R/5q4KMpMx9EqJufHdGNmIA20CICMARxnufK86RCIr6oEg/hvG8Fu6YRr1
+Kekk3/XnavtRAiBVLVQ7vwKE5aNpRmMzOKZrS736aLpYvjz8IaFr+zgjXQIgdad5
+QZoTD49NTyMEgyZp70gTXcXQLrX2PgQKL4uNmoU=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIBgTCCASugAwIBAgIJAKlcXsPLQAQuMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
+BAYTAkFVMB4XDTEzMTIxMjAxMzA1NVoXDTE0MDExMTAxMzA1NVowDTELMAkGA1UE
+BhMCQVUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEApUnjcL7xKM6833+k//wfDOYc
+ZCZG90r9HoqVZ2vsd7qKJcNA18dECn6CpfSEFFPzR5GMaFKZNMEsJaJdWfLhRQID
+AQABo24wbDAdBgNVHQ4EFgQUJm8BXcVRsROy0PVt5stkB3eVnEgwPQYDVR0jBDYw
+NIAUJm8BXcVRsROy0PVt5stkB3eVnEihEaQPMA0xCzAJBgNVBAYTAkFVggkAqVxe
+w8tABC4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAHHxcBEpWrIqtLVH
+m6Yn1hgqrAbfMj9IK6zY9C5Cbad/DfUj3AZMb5u758WJK0x9brmckgqdrQsuf9He
+Ef51/SU=
+-----END CERTIFICATE-----
diff --git a/test/test_server.py b/test/test_server.py
index 86588c691..182b969f4 100644
--- a/test/test_server.py
+++ b/test/test_server.py
@@ -197,6 +197,13 @@ class TestHTTPSCertfile(tservers.HTTPProxTest, CommonMixin):
 def test_certfile(self):
 assert self.pathod("304")
+class TestHTTPSNoCommonName(tservers.HTTPProxTest, CommonMixin):
+ """
+ Test what happens if we get a cert without common name back.
+ """
+ ssl = True
+ ssloptions=pathod.SSLOptions(certfile=tutils.test_data.path("data/no_common_name.pem"),
+ keyfile=tutils.test_data.path("data/no_common_name.pem"))
 class TestReverse(tservers.ReverseProxTest, CommonMixin):
 reverse = True
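Review bot: `TestHTTPSNoCommonName` in test/test_server.py defines no test method of its own, so whether the missing-CN path is exercised depends entirely on what `CommonMixin` runs, and that is not visible in this hunk. The docstring says "Test what happens" without naming the expected outcome. An explicit method mirroring `test_certfile` above would pin the regression, for example `def test_no_common_name(self): assert self.pathod("304")`. The docstring could then state that the proxy must fall back to the requested host name for the generated certificate. As a style point, `ssloptions=pathod.SSLOptions(` should be written `ssloptions = pathod.SSLOptions(` to match `ssl = True` on the line before.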