tls: set tlsSocket.servername as early as possible #27759

Closed
wants to merge 2 commits into from

@oyyd oyyd commented May 18, 2019

This commit makes TLSSocket set the servername property on
SSL_CTX_set_tlsext_servername_callback so that we could get it
later even if errors happen.

Fixes: #27699

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. tls Issues and PRs related to the tls subsystem. labels May 18, 2019

@bnoordhuis bnoordhuis left a comment

Left some comments but mostly LGTM. Cheers.

lib/_tls_wrap.js Outdated
@@ -774,6 +774,7 @@ TLSSocket.prototype._finishInit = function() {
return;

this.alpnProtocol = this._handle.getALPNNegotiatedProtocol();
// The servername could be set by TLSWrap.
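
Review bot: the added comment `// The servername could be set by TLSWrap.` does not say under which condition the value is already present at this point, so a reader cannot tell whether the code after it is meant to overwrite the property or preserve it. Suggest stating that the property is populated during the SNI callback (the PR description ties it to `SSL_CTX_set_tlsext_servername_callback`), that it is therefore only present here when that callback ran, and what `_finishInit` does in the other case.
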
Member

Can you be specific here and say "set by `TLSWrap::SelectSNIContextCallback()`"? That should save the next guy/gal some searching.

Would it make sense to make the assignment conditional on `if (this.servername === undefined)` to avoid duplicate work?

Contributor Author

> Can you be specific here and say "set by `TLSWrap::SelectSNIContextCallback()`"? That should save the next guy/gal some searching.

Done.

> Would it make sense to make the assignment conditional on `if (this.servername === undefined)` to avoid duplicate work?

Yes, it makes sense to me. And the default value of `this.servername` is `null`, so I have used `if (this.servername === null)` instead.

src/tls_wrap.cc Outdated
// Set the servername as early as possible
Local<Object> owner = p->GetOwner();
USE(owner->Set(env->context(), env->servername_string(),
OneByteString(env->isolate(), servername)));
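
Review bot: in `OneByteString(env->isolate(), servername)` the string handed to JavaScript is the name taken from a handshake that has not completed yet, and the comment above it (`// Set the servername as early as possible`) gives neither the reason for setting it here nor that status. Suggest extending the comment to say that the property is set at this point so it can still be read when the handshake later fails, and that it holds the requested name as received, so callers that log or branch on `servername` in error paths treat it as unvalidated input.
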
Member

Tiny style nit: can you line up the arguments?

I'm a little ambivalent about discarding the return value with `USE(...)`. I'm inclined to say it should return `SSL_TLSEXT_ERR_NOACK` when setting the property fails.

Contributor Author

> Tiny style nit: can you line up the arguments?

Done.

> I'm a little ambivalent about discarding the return value with `USE(...)`. I'm inclined to say it should return `SSL_TLSEXT_ERR_NOACK` when setting the property fails.

Good reminder! I think returning `SSL_TLSEXT_ERR_NOACK` is okay as the owner looks abnormal in this scenario.

oyyd commented May 19, 2019

@bnoordhuis Thanks for the comments. PTAL.

@danbev danbev added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 22, 2019
oyyd added a commit to oyyd/node that referenced this pull request May 23, 2019
This commit makes `TLSSocket` set the `servername` property on
`SSL_CTX_set_tlsext_servername_callback` so that we could get it
later even if errors happen.

Fixes: nodejs#27699

PR-URL: nodejs#27759
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

oyyd commented May 23, 2019

Landed in d2cabee, thanks!

@oyyd oyyd closed this May 23, 2019
targos pushed a commit that referenced this pull request May 23, 2019
@targos targos mentioned this pull request Jun 3, 2019
Successfully merging this pull request may close these issues.

Servername is not set on TLS sockets if there is a TLS client error