http: servername === false should disable SNI

There is no way to disable SNI extension when sending a request to HTTPS server. Setting `options.servername` to a falsy value would make Node.js core override it with either hostname or ip address. This change introduces a way to disable SNI completely if this is required for user's application. Setting `options.servername` to `` in `https.request` would disable overrides and thus disable the extension. PR-URL: https://github.com/nodejs/node/pull/27316 Reviewed-By: Steven R Loomis <srloomis@us.ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2019-04-19 15:51:24 -04:00 · 2019-04-19 15:51:24 -04:00 · 98e9de7db9
commit 98e9de7db9
parent 524dd469ce
3 changed files with 24 additions and 6 deletions
--- a/doc/api/https.md
+++ b/doc/api/https.md
@ -29,6 +29,10 @@ An [`Agent`][] object for HTTPS similar to [`http.Agent`][]. See
  Can have the same fields as for [`http.Agent(options)`][], and
  * `maxCachedSessions` {number} maximum number of TLS cached sessions.
    Use `0` to disable TLS session caching. **Default:** `100`.
+  * `servername` {string} the value of
+    [Server Name Indication extension][sni wiki] to be sent to the server. Use
+    empty string `''` to disable sending the extension.
+    **Default:** hostname or IP address of the target server.

    See [`Session Resumption`][] for infomation about TLS session reuse.

@ -406,3 +410,4 @@ headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; p
 [`tls.createSecureContext()`]: tls.html#tls_tls_createsecurecontext_options
 [`tls.createServer()`]: tls.html#tls_tls_createserver_options_secureconnectionlistener
 [`Session Resumption`]: tls.html#tls_session_resumption
+[sni wiki]: https://en.wikipedia.org/wiki/Server_Name_Indication
--- a/lib/_http_agent.js
+++ b/lib/_http_agent.js
@ -151,7 +151,7 @@ Agent.prototype.addRequest = function addRequest(req, options, port/* legacy */,
  if (options.socketPath)
    options.path = options.socketPath;

-  if (!options.servername)
+  if (!options.servername && options.servername !== '')
    options.servername = calculateServerName(options, req);

  const name = this.getName(options);
@ -198,7 +198,7 @@ Agent.prototype.createSocket = function createSocket(req, options, cb) {
  if (options.socketPath)
    options.path = options.socketPath;

-  if (!options.servername)
+  if (!options.servername && options.servername !== '')
    options.servername = calculateServerName(options, req);

  const name = this.getName(options);
--- a/test/parallel/test-https-agent-sni.js
+++ b/test/parallel/test-https-agent-sni.js
@ -18,9 +18,12 @@ let waiting = TOTAL;
 const server = https.Server(options, function(req, res) {
  if (--waiting === 0) server.close();

-  res.writeHead(200, {
-    'x-sni': req.socket.servername
-  });
+  const servername = req.socket.servername;
+
+  if (servername !== false) {
+    res.setHeader('x-sni', servername);
+  }
+
  res.end('hello world');
 });

@ -28,7 +31,8 @@ server.listen(0, function() {
  function expectResponse(id) {
    return common.mustCall(function(res) {
      res.resume();
-      assert.strictEqual(res.headers['x-sni'], `sni.${id}`);
+      assert.strictEqual(res.headers['x-sni'],
+                         id === false ? undefined : `sni.${id}`);
    });
  }

@ -46,4 +50,13 @@ server.listen(0, function() {
      rejectUnauthorized: false
    }, expectResponse(j));
  }
+  https.get({
+    agent: agent,
+
+    path: '/',
+    port: this.address().port,
+    host: '127.0.0.1',
+    servername: '',
+    rejectUnauthorized: false
+  }, expectResponse(false));
 });