From 00b279087e44918bd11878895be60e4017cf5777 Mon Sep 17 00:00:00 2001
From: Fedor Indutny <fedor@indutny.com>
Date: Thu, 4 May 2017 19:05:35 -0400
Subject: [PATCH] tls: accept `lookup` option for `tls.connect()`

`net.connect()` and consequently `http.Agent` support custom DNS
`lookup` option. However, as we move to `https.Agent` - this option no
longer works because it is not proxied by `tls.connect`.

Fix this inconsistency by passing it down to `net.connect`.

PR-URL: https://github.com/nodejs/node/pull/12839
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
---
 doc/api/tls.md                   |  6 ++++++
 lib/_tls_wrap.js                 |  3 ++-
 test/parallel/test-tls-lookup.js | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 test/parallel/test-tls-lookup.js

diff --git a/doc/api/tls.md b/doc/api/tls.md
index d604ddcdadfec9..993960dca055c5 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -777,6 +777,10 @@ argument.
 ## tls.connect(options[, callback])
 <!-- YAML
 added: v0.11.3
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/12839
+    description: The `lookup` option is supported now.
 -->
 
 * `options` {Object}
@@ -823,6 +827,7 @@ added: v0.11.3
     `tls.createSecureContext()`. *Note*: In effect, all
     [`tls.createSecureContext()`][] options can be provided, but they will be
     _completely ignored_ unless the `secureContext` option is missing.
+  * `lookup`: {Function} Custom lookup function. Defaults to [`dns.lookup()`][].
   * ...: Optional [`tls.createSecureContext()`][] options can be provided, see
     the `secureContext` option for more information.
 * `callback` {Function}
@@ -1243,3 +1248,4 @@ where `secure_socket` has the same API as `pair.cleartext`.
 [modifying the default cipher suite]: #tls_modifying_the_default_tls_cipher_suite
 [specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
 [tls.Server]: #tls_class_tls_server
+[`dns.lookup()`]: dns.html#dns_dns_lookup_hostname_options_callback
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index c1ad58c0e87b4f..14ddac0544d4a4 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1057,7 +1057,8 @@ exports.connect = function(/* [port,] [host,] [options,] [cb] */) {
         port: options.port,
         host: options.host,
         family: options.family,
-        localAddress: options.localAddress
+        localAddress: options.localAddress,
+        lookup: options.lookup
       };
     }
     socket.connect(connect_opt, function() {
diff --git a/test/parallel/test-tls-lookup.js b/test/parallel/test-tls-lookup.js
new file mode 100644
index 00000000000000..698f0680767539
--- /dev/null
+++ b/test/parallel/test-tls-lookup.js
@@ -0,0 +1,32 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const tls = require('tls');
+
+const expectedError = /^TypeError: "lookup" option should be a function$/;
+
+['foobar', 1, {}, []].forEach(function connectThrows(input) {
+  const opts = {
+    host: 'localhost',
+    port: common.PORT,
+    lookup: input
+  };
+
+  assert.throws(function() {
+    tls.connect(opts);
+  }, expectedError);
+});
+
+connectDoesNotThrow(common.mustCall(() => {}));
+
+function connectDoesNotThrow(input) {
+  const opts = {
+    host: 'localhost',
+    port: common.PORT,
+    lookup: input
+  };
+
+  assert.doesNotThrow(function() {
+    tls.connect(opts);
+  });
+}