tls: allow TLSSocket construction with a list of ALPNProtocols #16655
Conversation
|
I have some doubt over the var out = {};
tls.convertALPNProtocols(['h2', 'http/1.1'], out);I expect |
|
Ignore me. I understand now. |
lib/_tls_wrap.js
Outdated
| if (this._tlsOptions.NPNProtocols) | ||
| tls.convertNPNProtocols(this._tlsOptions.NPNProtocols, this._tlsOptions); | ||
| if (this._tlsOptions.ALPNProtocols) | ||
| tls.convertALPNProtocols(this._tlsOptions.ALPNProtocols, this._tlsOptions); |
There was a problem hiding this comment.
You should be able to remove the calls from downstream functions now.
As well, can you make it so (and add a test to that effect) that the user's option object isn't modified? Thanks.
There was a problem hiding this comment.
Yup, that had been bothering me too.
| new tls.TLSSocket(null, { | ||
| ALPNProtocols: ['http/1.1'], | ||
| NPNProtocols: ['http/1.1'] | ||
| }); |
There was a problem hiding this comment.
What I mean is that options.ALPNProtocols and options.NPNProtocols should still be arrays-of-strings afterwards. Making a copy with Object.assign() should do it.
Would it be possible to flesh out the test somewhat and verify that the options are present in the TLS handhake? You'll need to guard on process.features.tls_alpn and process.features.tls_npn.
There was a problem hiding this comment.
I've got the skeleton of this, but I'm not sure where the TLS handshake itself happens (the docs have me tied in knots a bit). I think I should be looking at the secureConnection event. If that's the case, I need to create a server via the TLSSocket constructor and net.createServer. Am I on the right track?
There was a problem hiding this comment.
Yep. If you grep for TLSSocket in test/parallel, you should find some existing examples.
There was a problem hiding this comment.
Yup. That's where I am now (I'll move this test file to that directory too if you've no objections).
| }); | ||
|
|
||
| tlsSocket.on('secure', common.mustCall((...args) => { | ||
| // TODO |
There was a problem hiding this comment.
@bnoordhuis It seems like this event is the one I should be listening for, but it's undocumented. Am I correct? If so, which object/properties do I check to complete the test?
There was a problem hiding this comment.
You probably want 'secureConnect', 'secure' is an older, deprecated version.
Once the connection is established, verify the .alpnProtocol and .npnProtocol properties.
There was a problem hiding this comment.
'secureConnect' is only called when the socket is created using tls.connect (and not using the TLSSocket constructor directly), so that event will never be emitted. However, the code in tls.connect appears to listen for 'secure' and then do some unrelated synchronous work before emitting 'secureConnect'.
Brings the ALPNProtocols option of TLSSocket into line with the documentation. i.e. a list of strings for protocols may be used, and not only a buffer. Fixes: #16643
|
@bnoordhuis I reckon this is good for another review now. I was unable to use the |
There was a problem hiding this comment.
Thanks, LGTM. CI: https://ci.nodejs.org/job/node-test-pull-request/11132/
| new tls.TLSSocket(null, { | ||
| ALPNProtocols: ['http/1.1'], | ||
| NPNProtocols: ['http/1.1'] | ||
| }); |
There was a problem hiding this comment.
Is the idea here that the constructor call should work even if ALPN and NPN are disabled?
There was a problem hiding this comment.
This was the original test I created for this PR. On master this’ll throw because the constructor expects a buffer (where each option is used). The particular usecase which led to me encountering this issue is a proxy which needs to avoid HTTP/2 (so these options are given without “h2”).
|
The CI link indicates a failure (I think), but I’m not sure how to interpret the output... |
|
Failures on the CI are unrelated.
|
|
As I understand it this’ll fit in a semver patch. Existing behaviour is preserved, and some cases which threw when they should not have will now behave as documented. In other words, this doesn’t break existing usage (which is also consistent with the documentation). |
|
@qubyte Knew I should've checked the signature for those convert functions... you're absolutely right, you can just ignore me. 😆 |
|
Upon clicking through, the checks below all appear to have passed, but the statuses have not been updated. A known quirk? |
|
Yeah, that's broken... If you're good with build & CI type of stuff, there's an issue and I think they're looking for help nodejs/build#790 :) |
|
Heh, after years of fighting Jenkins my solution was to not use Jenkins. ;) |
|
Is there anything remaining to do for this PR? |
Brings the ALPNProtocols & NPNProtocols options of TLSSocket in line with the documentation. i.e. an array of strings for protocols may be used, not only a buffer. PR-URL: #16655 Fixes: https://github.com/node/issues/16643 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
|
Sweet! Thank you. :) |
Brings the ALPNProtocols & NPNProtocols options of TLSSocket in line with the documentation. i.e. an array of strings for protocols may be used, not only a buffer. PR-URL: nodejs#16655 Fixes: https://github.com/node/issues/16643 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
|
Could someone backport this to v8.x-staging? Info is in the guide, you just raise a backport PR. |
|
Should this be backported to |
Brings the ALPNProtocols & NPNProtocols options of TLSSocket in line with the documentation. i.e. an array of strings for protocols may be used, not only a buffer. PR-URL: nodejs#16655 Fixes: https://github.com/node/issues/16643 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Brings the ALPNProtocols & NPNProtocols options of TLSSocket in line with the documentation. i.e. an array of strings for protocols may be used, not only a buffer. Backport-PR-URL: #21721 PR-URL: #16655 Fixes: https://github.com/node/issues/16643 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Brings the ALPNProtocols & NPNProtocols options of TLSSocket in line with the documentation. i.e. an array of strings for protocols may be used, not only a buffer. Backport-PR-URL: #21721 PR-URL: #16655 Fixes: https://github.com/node/issues/16643 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Brings the ALPNProtocols option of TLSSocket into line with the
documentation. i.e. a list of strings for protocols may be used, and
not only a buffer.
Fixes: #16643
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAffected core subsystem(s)