From bfbd777cbb35850c432194912df71485f76e2d9a Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Fri, 12 Apr 2024 17:22:19 +0200
Subject: [PATCH] Fix certs for unicode domains (#6796)

* fix certs for unicode domains

fix #6729

* [autofix.ci] apply automated fixes

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
---
 CHANGELOG.md                            | 2 ++
 mitmproxy/addons/tlsconfig.py           | 2 +-
 test/mitmproxy/addons/test_tlsconfig.py | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a0a31038c..1df19bb26 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,8 @@
   ([#6767](https://github.com/mitmproxy/mitmproxy/pull/6767), @txrp0x9)
 * Fix compatibility with older cryptography versions and silence a DeprecationWarning on Python <3.11.
   ([#6790](https://github.com/mitmproxy/mitmproxy/pull/6790), @mhils)
+* Fix a bug when proxying unicode domains.
+  ([#6796](https://github.com/mitmproxy/mitmproxy/pull/6796), @mhils)
 
 
 ## 07 March 2024: mitmproxy 10.2.4
diff --git a/mitmproxy/addons/tlsconfig.py b/mitmproxy/addons/tlsconfig.py
index 63f876a0d..20d6aa8e1 100644
--- a/mitmproxy/addons/tlsconfig.py
+++ b/mitmproxy/addons/tlsconfig.py
@@ -525,6 +525,6 @@ def _ip_or_dns_name(val: str) -> x509.GeneralName:
     try:
         ip = ipaddress.ip_address(val)
     except ValueError:
-        return x509.DNSName(val)
+        return x509.DNSName(val.encode("idna").decode())
     else:
         return x509.IPAddress(ip)
diff --git a/test/mitmproxy/addons/test_tlsconfig.py b/test/mitmproxy/addons/test_tlsconfig.py
index d209fd91e..f4a7bf9ea 100644
--- a/test/mitmproxy/addons/test_tlsconfig.py
+++ b/test/mitmproxy/addons/test_tlsconfig.py
@@ -138,12 +138,12 @@ class TestTlsConfig:
             )
 
             # And now we also incorporate SNI.
-            ctx.client.sni = "sni.example"
+            ctx.client.sni = "🌈.sni.example"
             entry = ta.get_cert(ctx)
             assert entry.cert.altnames == x509.GeneralNames(
                 [
                     x509.DNSName("example.mitmproxy.org"),
-                    x509.DNSName("sni.example"),
+                    x509.DNSName("xn--og8h.sni.example"),
                     x509.DNSName("server-address.example"),
                 ]
             )