Fix certs for unicode domains (#6796)

* fix certs for unicode domains

fix #6729

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -35,6 +35,8 @@
   ([#6767](https://github.com/mitmproxy/mitmproxy/pull/6767), @txrp0x9)
 * Fix compatibility with older cryptography versions and silence a DeprecationWarning on Python <3.11.
   ([#6790](https://github.com/mitmproxy/mitmproxy/pull/6790), @mhils)
+* Fix a bug when proxying unicode domains.
+  ([#6796](https://github.com/mitmproxy/mitmproxy/pull/6796), @mhils)
 
 
 ## 07 March 2024: mitmproxy 10.2.4

mitmproxy/addons/tlsconfig.py

@@ -525,6 +525,6 @@ def _ip_or_dns_name(val: str) -> x509.GeneralName:
     try:
         ip = ipaddress.ip_address(val)
     except ValueError:
-        return x509.DNSName(val)
+        return x509.DNSName(val.encode("idna").decode())
     else:
         return x509.IPAddress(ip)

test/mitmproxy/addons/test_tlsconfig.py

@@ -138,12 +138,12 @@ class TestTlsConfig:
             )
 
             # And now we also incorporate SNI.
-            ctx.client.sni = "sni.example"
+            ctx.client.sni = "🌈.sni.example"
             entry = ta.get_cert(ctx)
             assert entry.cert.altnames == x509.GeneralNames(
                 [
                     x509.DNSName("example.mitmproxy.org"),
-                    x509.DNSName("sni.example"),
+                    x509.DNSName("xn--og8h.sni.example"),
                     x509.DNSName("server-address.example"),
                 ]
             )