Sanitize host names when building certificate file names

Introduces a new dependency on `pathvalidate` (https://pypi.org/project/pathvalidate/)
which is used to sanitize certificate file names.

Previously it was possible to to generate bad filenames, for example
by connecting directly to an IPV6 address.

fixes #2137

contrib/deterministic-build/requirements.txt

@@ -16,6 +16,9 @@ idna==2.8 \
 jsonrpclib-pelix==0.4.0 \
     --hash=sha256:19c558e169a51480b39548783067ca55046b62b2409ab4559931255e12f635de \
     --hash=sha256:a966d17f2f739ee89031cf5c807d85d92db6b2715fb2b2f8a88bbfc87f468b12
+pathvalidate==2.3.1 \
+    --hash=sha256:1be91f23dd1fb5002ad2b52cb4e7396deb56092ef29a7facb6e4032c5a444f8a \
+    --hash=sha256:4a84300ec54e00db7bbfbbd65b8f138c44340fac1850d7731228d3b9d6bfa4c5
 protobuf==3.7.1 \
     --hash=sha256:21e395d7959551e759d604940a115c51c6347d90a475c9baf471a1a86b5604a9 \
     --hash=sha256:57e05e16955aee9e6a0389fcbd58d8289dd2420e47df1a1096b3a232c26eb2dd \

contrib/requirements/requirements.txt

@@ -10,3 +10,4 @@ qdarkstyle==2.6.8
 python-dateutil<2.9
 stem>=1.8.0
 certifi
+pathvalidate

electroncash/interface.py

@@ -35,6 +35,8 @@
 from typing import Optional, Tuple
 from collections import namedtuple
 
+from pathvalidate import sanitize_filename
+
 from .util import print_error
 from .utils import Event
 
@@ -168,7 +170,7 @@ def get_socket(self):
             # Try with CA first, since they are preferred over self-signed certs
             # and are always accepted (even if a previous pinned self-signed
             # cert exists).
-            cert_path = os.path.join(self.config_path, 'certs', self.host)
+            cert_path = os.path.join(self.config_path, 'certs', sanitize_filename(self.host, replacement_text='_'))
             has_pinned_self_signed = os.path.exists(cert_path)
             s, give_up = self._get_socket_and_verify_ca_cert(suppress_errors=has_pinned_self_signed)
             if s: