fix(node:tls): set TLSSocket.alpnProtocol for client connections (#26476
)

Towards #26127
satyarohith authored and bartlomieju committed Oct 25, 2024
1 parent c9400a0 commit c553666
Showing 2 changed files with 43 additions and 1 deletion.
16 changes: 15 additions & 1 deletion ext/node/polyfills/_tls_wrap.ts
Expand Up @@ -68,6 +68,7 @@ export class TLSSocket extends net.Socket {
secureConnecting: boolean;
_SNICallback: any;
servername: string | null;
alpnProtocol: string | boolean | null;
alpnProtocols: string[] | null;
authorized: boolean;
authorizationError: any;
Expand Down Expand Up @@ -114,6 +115,7 @@ export class TLSSocket extends net.Socket {
this.secureConnecting = true;
this._SNICallback = null;
this.servername = null;
this.alpnProtocol = null;
this.alpnProtocols = tlsOptions.ALPNProtocols;
this.authorized = false;
this.authorizationError = null;
Expand Down Expand Up @@ -151,10 +153,21 @@ export class TLSSocket extends net.Socket {
handle.afterConnect = async (req: any, status: number) => {
try {
const conn = await Deno.startTls(handle[kStreamBaseField], options);
try {
const hs = await conn.handshake();
if (hs.alpnProtocol) {
tlssock.alpnProtocol = hs.alpnProtocol;
} else {
tlssock.alpnProtocol = false;
}
} catch {
// Don't interrupt "secure" event to let the first read/write
// operation emit the error.
}
handle[kStreamBaseField] = conn;
tlssock.emit("secure");
tlssock.removeListener("end", onConnectEnd);
} catch {
} catch (_) {
// TODO(kt3k): Handle this
}
return afterConnect.call(handle, req, status);
Expand Down Expand Up @@ -269,6 +282,7 @@ export class ServerImpl extends EventEmitter {
// Creates TCP handle and socket directly from Deno.TlsConn.
// This works as TLS socket. We don't use TLSSocket class for doing
// this because Deno.startTls only supports client side tcp connection.
// TODO(@satyarohith): set TLSSocket.alpnProtocol when we use TLSSocket class.
const handle = new TCP(TCPConstants.SOCKET, await listener.accept());
const socket = new net.Socket({ handle });
this.emit("secureConnection", socket);
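Review bot: The inner `catch` around `conn.handshake()` in `handle.afterConnect` drops the error and execution continues to `tlssock.emit("secure")`, so the event is emitted for a connection whose handshake did not complete, and `alpnProtocol` stays `null`. The comment defers the failure to the first read/write, which depends on behaviour outside this hunk and is not covered by the added test. I would state that contract next to the catch, e.g. `// NOTE: "secure" is still emitted after a failed handshake; alpnProtocol stays null and listeners must not treat the event as proof of a verified peer.`, and add a test for the failing-handshake path. Separately, the field is declared `string | boolean | null` but only a string, `false` or `null` is assigned in the visible lines, so `alpnProtocol: string | false | null;` would be the tighter declaration. The handler's closing lines are outside the hunk.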
28 changes: 28 additions & 0 deletions tests/unit_node/tls_test.ts
Expand Up @@ -235,3 +235,31 @@ Deno.test("tls.rootCertificates is not empty", () => {
(tls.rootCertificates as string[]).push("new cert");
}, TypeError);
});

Deno.test("TLSSocket.alpnProtocol is set for client", async () => {
const listener = Deno.listenTls({
hostname: "localhost",
port: 0,
key,
cert,
alpnProtocols: ["a"],
});
const outgoing = tls.connect({
host: "::1",
servername: "localhost",
port: listener.addr.port,
ALPNProtocols: ["a"],
secureContext: {
ca: rootCaCert,
// deno-lint-ignore no-explicit-any
} as any,
});

const conn = await listener.accept();
const handshake = await conn.handshake();
assertEquals(handshake.alpnProtocol, "a");
conn.close();
outgoing.destroy();
listener.close();
await new Promise((resolve) => outgoing.on("close", resolve));
});
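Review bot: The assertion `assertEquals(handshake.alpnProtocol, "a")` reads the server-side connection returned by `listener.accept()`, so nothing in this test checks `outgoing.alpnProtocol`, the property the commit adds and the test name refers to. I would wait for the client handshake to finish (for example on its `secureConnect` event, if the polyfill emits it on this path) and add `assertEquals(outgoing.alpnProtocol, "a");` before `outgoing.destroy()`. A second case without `ALPNProtocols` on the client would pin the `false` branch.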
