Skip to content

Commit

Permalink
http: servername === false should disable SNI
Browse files Browse the repository at this point in the history
There is no way to disable SNI extension when sending a request to HTTPS
server. Setting `options.servername` to a falsy value would make Node.js
core override it with either hostname or ip address.

This change introduces a way to disable SNI completely if this is
required for user's application. Setting `options.servername` to ``
in `https.request` would disable overrides and thus disable the
extension.

PR-URL: nodejs#27316
Reviewed-By: Steven R Loomis <srloomis@us.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
  • Loading branch information
indutny authored and Trott committed Apr 30, 2019
1 parent 524dd46 commit 98e9de7
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 6 deletions.
5 changes: 5 additions & 0 deletions doc/api/https.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,10 @@ An [`Agent`][] object for HTTPS similar to [`http.Agent`][]. See
Can have the same fields as for [`http.Agent(options)`][], and
* `maxCachedSessions` {number} maximum number of TLS cached sessions.
Use `0` to disable TLS session caching. **Default:** `100`.
* `servername` {string} the value of
[Server Name Indication extension][sni wiki] to be sent to the server. Use
empty string `''` to disable sending the extension.
**Default:** hostname or IP address of the target server.

See [`Session Resumption`][] for infomation about TLS session reuse.

Expand Down Expand Up @@ -406,3 +410,4 @@ headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; p
[`tls.createSecureContext()`]: tls.html#tls_tls_createsecurecontext_options
[`tls.createServer()`]: tls.html#tls_tls_createserver_options_secureconnectionlistener
[`Session Resumption`]: tls.html#tls_session_resumption
[sni wiki]: https://en.wikipedia.org/wiki/Server_Name_Indication
4 changes: 2 additions & 2 deletions lib/_http_agent.js
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ Agent.prototype.addRequest = function addRequest(req, options, port/* legacy */,
if (options.socketPath)
options.path = options.socketPath;

if (!options.servername)
if (!options.servername && options.servername !== '')
options.servername = calculateServerName(options, req);

const name = this.getName(options);
Expand Down Expand Up @@ -198,7 +198,7 @@ Agent.prototype.createSocket = function createSocket(req, options, cb) {
if (options.socketPath)
options.path = options.socketPath;

if (!options.servername)
if (!options.servername && options.servername !== '')
options.servername = calculateServerName(options, req);

const name = this.getName(options);
Expand Down
21 changes: 17 additions & 4 deletions test/parallel/test-https-agent-sni.js
Original file line number Diff line number Diff line change
Expand Up @@ -18,17 +18,21 @@ let waiting = TOTAL;
const server = https.Server(options, function(req, res) {
if (--waiting === 0) server.close();

res.writeHead(200, {
'x-sni': req.socket.servername
});
const servername = req.socket.servername;

if (servername !== false) {
res.setHeader('x-sni', servername);
}

res.end('hello world');
});

server.listen(0, function() {
function expectResponse(id) {
return common.mustCall(function(res) {
res.resume();
assert.strictEqual(res.headers['x-sni'], `sni.${id}`);
assert.strictEqual(res.headers['x-sni'],
id === false ? undefined : `sni.${id}`);
});
}

Expand All @@ -46,4 +50,13 @@ server.listen(0, function() {
rejectUnauthorized: false
}, expectResponse(j));
}
https.get({
agent: agent,

path: '/',
port: this.address().port,
host: '127.0.0.1',
servername: '',
rejectUnauthorized: false
}, expectResponse(false));
});

0 comments on commit 98e9de7

Please sign in to comment.