tls: do not crash on STARTTLS when OCSP requested
`TLSSocket` should not have a hard dependency on `tls.Server`, since it may be running without it in cases like `STARTTLS`. Fix: #10704 PR-URL: https://github.com/nodejs/node/pull/10706 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
parent
62e96096fa
commit
a1802e670d
@ -110,6 +110,13 @@ function requestOCSP(self, hello, ctx, cb) {
|
||||
|
||||
if (!ctx)
|
||||
ctx = self.server._sharedCreds;
|
||||
|
||||
// TLS socket is using a `net.Server` instead of a tls.TLSServer.
|
||||
// Some TLS properties like `server._sharedCreds` will not be present
|
||||
if (!ctx)
|
||||
return cb(null);
|
||||
|
||||
// TODO(indutny): eventually disallow raw `SecureContext`
|
||||
if (ctx.context)
|
||||
ctx = ctx.context;
|
||||
|
||||
|
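Review bot: The added comment above the second `if (!ctx)` names `tls.TLSServer`, which is not a class the `tls` module exports; the commit message says `tls.Server`, and the comment should use that name too. The comment also does not say what the early `return cb(null)` means for the peer: the handshake appears to continue with no stapled OCSP response, and presumably without the 'OCSPRequest' listener path further down being reached, even though the client asked for status. I would add a line such as `// No credentials to staple from: continue the handshake without an OCSP response`, so the fail-open behaviour on STARTTLS sockets is explicit to whoever maintains this next. The body of requestOCSP starts and ends outside this hunk, so the listener handling is not visible here.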
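--- a/test/parallel/test-tls-starttls-server.js
+++ b/test/parallel/test-tls-starttls-server.js
@@ -0,0 +1,53 @@
+'use strict';
+
+// Test asynchronous SNI+OCSP on TLSSocket created with `server` set to
+// `net.Server` instead of `tls.Server`
+
+const common = require('../common');
+
+if (!common.hasCrypto) {
+common.skip('missing crypto');
+return;
+}
+
+const assert = require('assert');
+const fs = require('fs');
+const net = require('net');
+const tls = require('tls');
+
+const key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem');
+const cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem');
+
+const server = net.createServer(common.mustCall((s) => {
+const tlsSocket = new tls.TLSSocket(s, {
+isServer: true,
+server: server,
+
+secureContext: tls.createSecureContext({
+key: key,
+cert: cert
+}),
+
+SNICallback: common.mustCall((hostname, callback) => {
+assert.strictEqual(hostname, 'test.test');
+
+callback(null, null);
+})
+});
+
+tlsSocket.on('secure', common.mustCall(() => {
+tlsSocket.end();
+server.close();
+}));
+})).listen(0, () => {
+const opts = {
+servername: 'test.test',
+port: server.address().port,
+rejectUnauthorized: false,
+requestOCSP: true
+};
+
+tls.connect(opts, function() {
+this.end();
+});
+});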
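Review bot: The test passes as soon as the server-side 'secure' event fires, so it shows the crash is gone but asserts nothing about what the client observes after connecting with `requestOCSP: true`. I would register an 'OCSPResponse' listener on the socket returned by `tls.connect(opts, ...)` before the handshake completes and assert that any event it receives carries no stapled response; that pins the fallback behaviour so a later change cannot silently alter it. The client also has no 'error' handler, so a handshake failure would surface only as an uncaught exception or a timeout rather than a clear assertion. Separately, `rejectUnauthorized: false` is presumably there because the fixture certificate is not in the default trust store; a short comment such as `// fixture cert is not trusted by default; test-only` would stop the option being copied into non-test code.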