From 8bc9cd67f0e6b445ee38342c904b8622c7f98878 Mon Sep 17 00:00:00 2001
From: ohemorange <ebportnoy@gmail.com>
Date: Thu, 1 Mar 2018 15:08:53 -0800
Subject: [PATCH] Fix ipv6only detection (#5648)

* Fix ipv6only detection

* move str() to inside ipv6_info

* add regression test

* Update to choose_vhosts
---
 certbot-nginx/certbot_nginx/configurator.py          |  3 +++
 .../certbot_nginx/tests/configurator_test.py         | 12 ++++++++++++
 .../testdata/etc_nginx/sites-enabled/ipv6ssl.com     |  2 ++
 3 files changed, 17 insertions(+)

diff --git a/certbot-nginx/certbot_nginx/configurator.py b/certbot-nginx/certbot_nginx/configurator.py
index e4d87744e..83e308bac 100644
--- a/certbot-nginx/certbot_nginx/configurator.py
+++ b/certbot-nginx/certbot_nginx/configurator.py
@@ -311,6 +311,9 @@ class NginxConfigurator(common.Installer):
             configuration, and existence of ipv6only directive for specified port
         :rtype: tuple of type (bool, bool)
         """
+        # port should be a string, but it's easy to mess up, so let's
+        # make sure it is one
+        port = str(port)
         vhosts = self.parser.get_vhosts()
         ipv6_active = False
         ipv6only_present = False
diff --git a/certbot-nginx/certbot_nginx/tests/configurator_test.py b/certbot-nginx/certbot_nginx/tests/configurator_test.py
index 722ba68bf..bffaef5e4 100644
--- a/certbot-nginx/certbot_nginx/tests/configurator_test.py
+++ b/certbot-nginx/certbot_nginx/tests/configurator_test.py
@@ -181,6 +181,18 @@ class NginxConfiguratorTest(util.NginxTest):
         # Port 443 has ipv6only=on because of ipv6ssl.com vhost
         self.assertEquals((True, True), self.config.ipv6_info("443"))
 
+    def test_ipv6only_detection(self):
+        self.config.version = (1, 3, 1)
+
+        self.config.deploy_cert(
+            "ipv6.com",
+            "example/cert.pem",
+            "example/key.pem",
+            "example/chain.pem",
+            "example/fullchain.pem")
+
+        for addr in self.config.choose_vhosts("ipv6.com")[0].addrs:
+            self.assertFalse(addr.ipv6only)
 
     def test_more_info(self):
         self.assertTrue('nginx.conf' in self.config.more_info())
diff --git a/certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/ipv6ssl.com b/certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/ipv6ssl.com
index d8f7eff12..875a9ee1b 100644
--- a/certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/ipv6ssl.com
+++ b/certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/ipv6ssl.com
@@ -1,5 +1,7 @@
 server {
     listen 443 ssl;
     listen [::]:443 ssl ipv6only=on;
+    listen 5001 ssl;
+    listen [::]:5001 ssl ipv6only=on;
     server_name ipv6ssl.com;
 }