Failed to proxy HTTPS request to unicode domains #6729

evilpan · 2024-03-10T08:50:48Z

Problem Description

Just like issue #6381.

Steps to reproduce the behavior:

start mitmproxy: mitmproxy -p 8080
browse url with proxy setup, for example: https://tt.广西阀门.net

and then mitmproxy throws following exception:

Addon error: DNSName values should be passed as an A-label string. This means unicode characters should be encoded via a library like idna.                                                         
Traceback (most recent call last):                                                                                                                                                                                 
  File "/home/pan/.local/lib/python3.10/site-packages/mitmproxy/addons/tlsconfig.py", line 526, in _ip_or_dns_name                                                                                                 
    ip = ipaddress.ip_address(val)                                                                                                                                                                                 
  File "/usr/lib/python3.10/ipaddress.py", line 54, in ip_address                                                                                                                                                  
    raise ValueError(f'{address!r} does not appear to be an IPv4 or IPv6 address')                                                                                                                                 
ValueError: 'tt.广西阀门.net' does not appear to be an IPv4 or IPv6 address                                                                                                                                        
                                                                                                                                                                                                                   
During handling of the above exception, another exception occurred:                                                                                                                                                
                                                                                                                                                                                                                   
Traceback (most recent call last):                                                                                                                                                                                 
  File "/home/pan/.local/lib/python3.10/site-packages/cryptography/x509/general_name.py", line 85, in __init__                                                                                                     
    value.encode("ascii")                                                                                                                                                                                          
UnicodeEncodeError: 'ascii' codec can't encode characters in position 3-6: ordinal not in range(128)                                                                                                               
                                                                                                                                                                                                                   
During handling of the above exception, another exception occurred:                                                                                                                                                
                                                                                                                                                                                                                   
Traceback (most recent call last):                                                                                                                                                                                 
  File "/home/pan/.local/lib/python3.10/site-packages/mitmproxy/addons/tlsconfig.py", line 178, in tls_start_client                                                                                                
    entry = self.get_cert(tls_start.context)                                                                                                                                                                       
  File "/home/pan/.local/lib/python3.10/site-packages/mitmproxy/addons/tlsconfig.py", line 512, in get_cert                                                                                                        
    altnames.append(_ip_or_dns_name(conn_context.server.address[0]))                                                                                                                                               
  File "/home/pan/.local/lib/python3.10/site-packages/mitmproxy/addons/tlsconfig.py", line 528, in _ip_or_dns_name                                                                                                 
    return x509.DNSName(val)                                                                                                                                                                                       
  File "/home/pan/.local/lib/python3.10/site-packages/cryptography/x509/general_name.py", line 87, in __init__                                                                                                     
    raise ValueError(                                                                                                                                                                                              
ValueError: DNSName values should be passed as an A-label string. This means unicode characters should be encoded via a library like idna.                                                                         
[16:31:32.448][127.0.0.1:53048] No TLS context was provided, failing connection.

System Information

$ mitmproxy --version
Mitmproxy: 10.2.4
Python:    3.10.12
OpenSSL:   OpenSSL 3.2.1 30 Jan 2024
Platform:  Linux-6.5.0-21-generic-x86_64-with-glibc2.35

Browser:

Google Chrome	122.0.6261.94 (Official Build) (64-bit) 
Revision	880dbf29479c6152d5e4f08dfd3a96b30f919e56-refs/branch-heads/6261@{#960}
OS	Linux
JavaScript	V8 12.2.281.19
User Agent	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Command Line	/usr/bin/google-chrome-stable --flag-switches-begin --flag-switches-end --desktop-startup-id=gnome-shell/Google Chrome/2430-1-PC_TIME219086

The text was updated successfully, but these errors were encountered:

fix mitmproxy#6729

* fix certs for unicode domains fix #6729 * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

evilpan added the kind/triage Unclassified issues label Mar 10, 2024

mhils added kind/bug area/protocols and removed kind/triage Unclassified issues labels Mar 11, 2024

mhils added a commit to mhils/mitmproxy that referenced this issue Apr 12, 2024

fix certs for unicode domains

6a09e80

fix mitmproxy#6729

mhils mentioned this issue Apr 12, 2024

Fix certs for unicode domains #6796

Merged

mhils added a commit that referenced this issue Apr 12, 2024

Fix certs for unicode domains (#6796)

bfbd777

* fix certs for unicode domains fix #6729 * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

mhils closed this as completed in #6796 Apr 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Failed to proxy HTTPS request to unicode domains #6729

Failed to proxy HTTPS request to unicode domains #6729

evilpan commented Mar 10, 2024

Failed to proxy HTTPS request to unicode domains #6729

Failed to proxy HTTPS request to unicode domains #6729

Comments

evilpan commented Mar 10, 2024

Problem Description

Steps to reproduce the behavior:

System Information