From 6ff8562399a568b37d112c9deaa9e45af519ddbf Mon Sep 17 00:00:00 2001 From: David Halls Date: Sat, 2 May 2020 07:42:26 +0100 Subject: [PATCH] tls: reset secureConnecting on client socket secureConnecting is never set to false on client TLS sockets. So if Http2Session constructor (in lib/internal/http2/core.js) is called after secureConnect is emitted, then it will wrongly wait for a secureConnect event. This fix sets secureConnecting to false when a client TLS socket has connected. PR-URL: https://github.com/nodejs/node/pull/33209 Reviewed-By: Luigi Pinca Reviewed-By: Sam Roberts --- lib/_tls_wrap.js | 2 ++ test/parallel/test-http2-connect.js | 34 ++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 45d8c3722f44b2..a1d3893b27c652 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -1521,10 +1521,12 @@ function onConnectSecure() { debug('client emit secureConnect. rejectUnauthorized: %s, ' + 'authorizationError: %s', options.rejectUnauthorized, this.authorizationError); + this.secureConnecting = false; this.emit('secureConnect'); } else { this.authorized = true; debug('client emit secureConnect. authorized:', this.authorized); + this.secureConnecting = false; this.emit('secureConnect'); } diff --git a/test/parallel/test-http2-connect.js b/test/parallel/test-http2-connect.js index 6f62f55a93b7f2..9ee2e4347f600b 100644 --- a/test/parallel/test-http2-connect.js +++ b/test/parallel/test-http2-connect.js @@ -9,9 +9,11 @@ const { } = require('../common'); if (!hasCrypto) skip('missing crypto'); +const fixtures = require('../common/fixtures'); const assert = require('assert'); -const { createServer, connect } = require('http2'); +const { createServer, createSecureServer, connect } = require('http2'); const { connect: netConnect } = require('net'); +const { connect: tlsConnect } = require('tls'); // Check for session connect callback and event { @@ -70,6 +72,36 @@ const { connect: netConnect } = require('net'); connect(authority).on('error', () => {}); } +// Check for session connect callback on already connected TLS socket +{ + const serverOptions = { + key: fixtures.readKey('agent1-key.pem'), + cert: fixtures.readKey('agent1-cert.pem') + }; + const server = createSecureServer(serverOptions); + server.listen(0, mustCall(() => { + const { port } = server.address(); + + const onSocketConnect = () => { + const authority = `https://localhost:${port}`; + const createConnection = mustCall(() => socket); + const options = { createConnection }; + connect(authority, options, mustCall(onSessionConnect)); + }; + + const onSessionConnect = (session) => { + session.close(); + server.close(); + }; + + const clientOptions = { + port, + rejectUnauthorized: false + }; + const socket = tlsConnect(clientOptions, mustCall(onSocketConnect)); + })); +} + // Check for error for init settings error { createServer(function() {