Skip to content

Commit

Permalink
https: use servername in agent key
Browse files Browse the repository at this point in the history
https requests with different SNI values should not be sent over the
same connection, even if the `host` is the same. Server may want to
present different certificate or route the incoming TLS connection
differently, depending on the received servername extension.

Fix: nodejs#3940
PR-URL: nodejs#4389
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
  • Loading branch information
indutny authored and Michael Scovetta committed Apr 2, 2016
1 parent 7e513ab commit 1002f87
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib/https.js
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,10 @@ Agent.prototype.getName = function(options) {
if (options.rejectUnauthorized !== undefined)
name += options.rejectUnauthorized;

name += ':';
if (options.servername && options.servername !== options.host)
name += options.servername;

return name;
};

Expand Down
52 changes: 52 additions & 0 deletions test/parallel/test-https-agent-sni.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
'use strict';
const common = require('../common');
const assert = require('assert');

if (!common.hasCrypto) {
console.log('1..0 # Skipped: missing crypto');
return;
}
const https = require('https');

const fs = require('fs');

const options = {
key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
};

const TOTAL = 4;
var waiting = TOTAL;

const server = https.Server(options, function(req, res) {
if (--waiting === 0) server.close();

res.writeHead(200, {
'x-sni': req.socket.servername
});
res.end('hello world');
});

server.listen(common.PORT, function() {
function expectResponse(id) {
return common.mustCall(function(res) {
res.resume();
assert.equal(res.headers['x-sni'], 'sni.' + id);
});
}

var agent = new https.Agent({
maxSockets: 1
});
for (var j = 0; j < TOTAL; j++) {
https.get({
agent: agent,

path: '/',
port: common.PORT,
host: '127.0.0.1',
servername: 'sni.' + j,
rejectUnauthorized: false
}, expectResponse(j));
}
});

0 comments on commit 1002f87

Please sign in to comment.