From 7b6b15754754b45552d0872d36f3f30f5fa1a783 Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Fri, 18 Sep 2015 15:35:02 +0200
Subject: [PATCH] properly handle SNI IPs

fixes mitmproxy/mitmproxy#772

We must use the ipaddress package here, because that's what cryptography uses.
If we opt for something else, we have nasty namespace conflicts.
---
 netlib/certutils.py | 11 +++++++++--
 setup.py            | 23 ++++++++++++++---------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/netlib/certutils.py b/netlib/certutils.py
index cc143a50c..c3b795acc 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -4,6 +4,7 @@ import ssl
 import time
 import datetime
 import itertools
+import ipaddress
 from pyasn1.type import univ, constraint, char, namedtype, tag
 from pyasn1.codec.der.decoder import decode
 from pyasn1.error import PyAsn1Error
@@ -85,8 +86,13 @@ def dummy_cert(privkey, cacert, commonname, sans):
     """
     ss = []
     for i in sans:
-        ss.append("DNS: %s" % i)
-    ss = ", ".join(ss)
+        try:
+            ipaddress.ip_address(i.decode("ascii"))
+        except ValueError:
+            ss.append(b"DNS: %s" % i)
+        else:
+            ss.append(b"IP: %s" % i)
+    ss = b", ".join(ss)
     cert = OpenSSL.crypto.X509()
     cert.gmtime_adj_notBefore(-3600 * 48)
@@ -335,6 +341,7 @@ class CertStore(object):
 class _GeneralName(univ.Choice):
     # We are only interested in dNSNames. We use a default handler to ignore
     # other types.
+    # TODO: We should also handle iPAddresses.
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('dNSName', char.IA5String().subtype(
             implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
diff --git a/setup.py b/setup.py
index d3c09ceb7..0c9fb07b5 100644
--- a/setup.py
+++ b/setup.py
@@ -1,6 +1,7 @@
 from setuptools import setup, find_packages
 from codecs import open
 import os
+import sys
 from netlib import version
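Review bot: The `except ValueError` branch still appends `i` unchecked into `b"DNS: %s" % i`, and the `b", ".join(ss)` result is presumably handed to OpenSSL as a `subjectAltName` extension string after this hunk, where a value containing `,` or `:` would be parsed as additional SAN entries; since these names appear to come from client-supplied SNI (per the commit title), drop such values in the DNS branch with `if b"," in i or b":" in i: continue` before the append. Note that `UnicodeDecodeError` is a subclass of `ValueError`, so non-ASCII bytes silently take the DNS branch as well, which looks intended but deserves a one-line comment such as `# UnicodeDecodeError is a ValueError: non-ASCII input is treated as a DNS name`. Also, `b"..." % i` only works on Python 3.5+ (PEP 461), so confirm that against the 3.x versions still supported. dummy_cert starts before this hunk and continues past it.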
@@ -13,6 +14,18 @@ here = os.path.abspath(os.path.dirname(__file__))
 with open(os.path.join(here, 'README.mkd'), encoding='utf-8') as f:
     long_description = f.read()
+deps = {
+    "pyasn1>=0.1.7",
+    "pyOpenSSL>=0.15.1",
+    "cryptography>=1.0",
+    "passlib>=1.6.2",
+    "hpack>=1.0.1",
+    "six>=1.9.0",
+    "certifi>=2015.9.6.2",
+}
+if sys.version_info < (3, 0):
+    deps.add("ipaddress>=1.0.14")
+
 setup(
     name="netlib",
     version=version.VERSION,
@@ -40,15 +53,7 @@ setup(
     packages=find_packages(),
     include_package_data=True,
     zip_safe=False,
-    install_requires=[
-        "pyasn1>=0.1.7",
-        "pyOpenSSL>=0.15.1",
-        "cryptography>=1.0",
-        "passlib>=1.6.2",
-        "hpack>=1.0.1",
-        "six>=1.9.0",
-        "certifi"
-    ],
+    install_requires=list(deps),
     extras_require={
         'dev': [
             "mock>=1.0.1",
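Review bot: The `if sys.version_info < (3, 0): deps.add("ipaddress>=1.0.14")` guard runs when setup.py executes, not when the package is installed, so metadata produced under Python 3 (a wheel in particular) will omit the backport and a Python 2 install will then fail at `import ipaddress` in certutils.py. Declaring it with an environment marker keeps the requirement in the metadata regardless of the building interpreter, e.g. adding `':python_version<"3"': ["ipaddress>=1.0.14"]` to the existing `extras_require` dict, which setuptools of this era already understands. If no wheels are published and installs always run setup.py on the target interpreter this is moot, but the marker form is safer either way.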
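Review bot: `install_requires=list(deps)` takes its order from a set, so the dependency order written into the generated metadata (`requires.txt`, wheel METADATA) varies between builds under hash randomization; `install_requires=sorted(deps)` (or making `deps` a list and using `append`) gives reproducible output. The setup() call starts before this hunk and continues past it.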