Only overwrite servername in tls connect when host is not an IP address

TooTallNate · Dec 6, 2024 · 27261fd · 27261fd
1 parent 1699a09
commit 27261fd
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 25 deletions.
diff --git a/packages/https-proxy-agent/src/index.ts b/packages/https-proxy-agent/src/index.ts
@@ -10,6 +10,17 @@ import type { OutgoingHttpHeaders } from 'http';
 
 const debug = createDebug('https-proxy-agent');
 
+const setServernameFromNonIpHost = <
+	T extends { host?: string; servername?: string }
+>(
+	options: T
+) => {
+	if (options.host && !net.isIP(options.host)) {
+		options.servername = options.host;
+	}
+	return options;
+};
+
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 type Protocol<T> = T extends `${infer Protocol}:${infer _}` ? Protocol : never;
 
@@ -92,12 +103,9 @@ export class HttpsProxyAgent<Uri extends string> extends Agent {
 		let socket: net.Socket;
 		if (proxy.protocol === 'https:') {
 			debug('Creating `tls.Socket`: %o', this.connectOpts);
-			const servername =
-				this.connectOpts.servername || this.connectOpts.host;
-			socket = tls.connect({
-				...this.connectOpts,
-				servername,
-			});
+			socket = tls.connect(
+				setServernameFromNonIpHost({ ...this.connectOpts })
+			);
 		} else {
 			debug('Creating `net.Socket`: %o', this.connectOpts);
 			socket = net.connect(this.connectOpts);
@@ -146,12 +154,12 @@ export class HttpsProxyAgent<Uri extends string> extends Agent {
 				// The proxy is connecting to a TLS server, so upgrade
 				// this socket connection to a TLS connection.
 				debug('Upgrading socket connection to TLS');
-				const servername = opts.servername || opts.host;
-				return tls.connect({
-					...omit(opts, 'host', 'path', 'port'),
-					socket,
-					servername,
-				});
+				return tls.connect(
+					setServernameFromNonIpHost({
+						...omit(opts, 'host', 'path', 'port'),
+						socket,
+					})
+				);
 			}
 
 			return socket;

diff --git a/packages/pac-proxy-agent/src/index.ts b/packages/pac-proxy-agent/src/index.ts
@@ -24,6 +24,17 @@ import { getQuickJS } from '@tootallnate/quickjs-emscripten';
 
 const debug = createDebug('pac-proxy-agent');
 
+const setServernameFromNonIpHost = <
+	T extends { host?: string; servername?: string }
+>(
+	options: T
+) => {
+	if (options.host && !net.isIP(options.host)) {
+		options.servername = options.host;
+	}
+	return options;
+};
+
 type Protocols = keyof typeof gProtocols;
 
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
@@ -238,11 +249,9 @@ export class PacProxyAgent<Uri extends string> extends Agent {
 			if (type === 'DIRECT') {
 				// Direct connection to the destination endpoint
 				if (secureEndpoint) {
-					const servername = opts.servername || opts.host;
-					socket = tls.connect({
-						...opts,
-						servername,
-					});
+					socket = tls.connect(
+						setServernameFromNonIpHost({ ...opts })
+					);
 				} else {
 					socket = net.connect(opts);
 				}

diff --git a/packages/socks-proxy-agent/src/index.ts b/packages/socks-proxy-agent/src/index.ts
@@ -9,6 +9,17 @@ import { URL } from 'url';
 
 const debug = createDebug('socks-proxy-agent');
 
+const setServernameFromNonIpHost = <
+	T extends { host?: string; servername?: string }
+>(
+	options: T
+) => {
+	if (options.host && !net.isIP(options.host)) {
+		options.servername = options.host;
+	}
+	return options;
+};
+
 function parseSocksURL(url: URL): { lookup: boolean; proxy: SocksProxy } {
 	let lookup = false;
 	let type: SocksProxy['type'] = 5;
@@ -79,8 +90,7 @@ export type SocksProxyAgentOptions = Omit<
 	'ipaddress' | 'host' | 'port' | 'type' | 'userId' | 'password'
 > & {
 	socketOptions?: SocksSocketOptions;
-} &
-	http.AgentOptions;
+} & http.AgentOptions;
 
 export class SocksProxyAgent extends Agent {
 	static protocols = [
@@ -171,12 +181,12 @@ export class SocksProxyAgent extends Agent {
 			// The proxy is connecting to a TLS server, so upgrade
 			// this socket connection to a TLS connection.
 			debug('Upgrading socket connection to TLS');
-			const servername = opts.servername || opts.host;
-			const tlsSocket = tls.connect({
-				...omit(opts, 'host', 'path', 'port'),
-				socket,
-				servername,
-			});
+			const tlsSocket = tls.connect(
+				setServernameFromNonIpHost({
+					...omit(opts, 'host', 'path', 'port'),
+					socket,
+				})
+			);
 
 			tlsSocket.once('error', (error) => {
 				debug('Socket TLS error', error.message);