tls,https: respect address family when connecting

Respect the `{ family: 6 }` address family property when connecting to a remote peer over TLS. Fixes: #4139 Fixes: #6440 PR-URL: #6654 Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
nodejs · Jun 2, 2016 · 257e54b · 257e54b
1 parent 1e26b82
commit 257e54b
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 0 deletions.
diff --git a/lib/_http_agent.js b/lib/_http_agent.js
@@ -102,6 +102,11 @@ Agent.prototype.getName = function(options) {
   if (options.localAddress)
     name += options.localAddress;
 
+  // Pacify parallel/test-http-agent-getname by only appending
+  // the ':' when options.family is set.
+  if (options.family === 4 || options.family === 6)
+    name += ':' + options.family;
+
   return name;
 };
 

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -1025,6 +1025,7 @@ exports.connect = function(/* [port, host], options, cb */) {
       connect_opt = {
         port: options.port,
         host: options.host,
+        family: options.family,
         localAddress: options.localAddress
       };
     }

diff --git a/test/parallel/parallel.status b/test/parallel/parallel.status
@@ -12,6 +12,13 @@ test-tick-processor     : PASS,FLAKY
 [$system==linux]
 test-tick-processor           : PASS,FLAKY
 
+# Flaky until https://github.com/nodejs/build/issues/415 is resolved.
+# On some of the buildbots, AAAA queries for localhost don't resolve
+# to an address and neither do any of the alternatives from the
+# localIPv6Hosts list from test/common.js.
+test-https-connect-address-family : PASS,FLAKY
+test-tls-connect-address-family : PASS,FLAKY
+
 [$system==macos]
 
 [$system==solaris] # Also applies to SmartOS

diff --git a/test/parallel/test-http-agent-getname.js b/test/parallel/test-http-agent-getname.js
@@ -30,3 +30,9 @@ assert.equal(
   }),
   '0.0.0.0:80:192.168.1.1'
 );
+
+for (const family of [0, null, undefined, 'bogus'])
+  assert.strictEqual(agent.getName({ family }), 'localhost::');
+
+for (const family of [4, 6])
+  assert.strictEqual(agent.getName({ family }), 'localhost:::' + family);
diff --git a/test/parallel/test-https-connect-address-family.js b/test/parallel/test-https-connect-address-family.js
@@ -0,0 +1,28 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const https = require('https');
+
+if (!common.hasIPv6) {
+  common.skip('no IPv6 support');
+  return;
+}
+
+const ciphers = 'AECDH-NULL-SHA';
+https.createServer({ ciphers }, function(req, res) {
+  this.close();
+  res.end();
+}).listen(common.PORT, '::1', function() {
+  const options = {
+    host: 'localhost',
+    port: common.PORT,
+    family: 6,
+    ciphers: ciphers,
+    rejectUnauthorized: false,
+  };
+  // Will fail with ECONNREFUSED if the address family is not honored.
+  https.get(options, common.mustCall(function() {
+    assert.strictEqual('::1', this.socket.remoteAddress);
+    this.destroy();
+  }));
+});
diff --git a/test/parallel/test-tls-connect-address-family.js b/test/parallel/test-tls-connect-address-family.js
@@ -0,0 +1,27 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const tls = require('tls');
+
+if (!common.hasIPv6) {
+  common.skip('no IPv6 support');
+  return;
+}
+
+const ciphers = 'AECDH-NULL-SHA';
+tls.createServer({ ciphers }, function() {
+  this.close();
+}).listen(common.PORT, '::1', function() {
+  const options = {
+    host: 'localhost',
+    port: common.PORT,
+    family: 6,
+    ciphers: ciphers,
+    rejectUnauthorized: false,
+  };
+  // Will fail with ECONNREFUSED if the address family is not honored.
+  tls.connect(options).once('secureConnect', common.mustCall(function() {
+    assert.strictEqual('::1', this.remoteAddress);
+    this.destroy();
+  }));
+});