tls: reapply servername on happy eyeballs connect #48255
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When establishing a TLS connection to a server with `autoSelectFamily` set to `true`, the `net.Socket` will call `[kWrapConnectedHandle]()` to reinitialize the socket (in case if it got broken during previous connect attempts). Unfortunately, prior to this patch this resulted in a brand new `TLSWrap` instance being created for the socket. While most of the configuration of `TLSWrap` is restored, the `servername` was sadly dropped and not reinitalized. With this patch `servername` will be reinitialized if there are `tls.connect` options present on the `TLSSocket` instance, making it possible to connect with "Happy Eyeballs" to TLS servers that require the servername extension.
nodejs-github-bot
added
needs-ci
Member
Author
|
cc @nodejs/net @nodejs/crypto |
Member
Author
|
I'm not sure what the process is nowadays, but could this be backported to 18.x.y, please? |
ShogunPanda
approved these changes
May 31, 2023
ShogunPanda
requested changes
May 31, 2023
Member
Author
|
@ShogunPanda ah, that's great! We still use Node 18, so we didn't get the fix there. Perhaps the PR here could be used as a backport of your work? |
Contributor
|
Yeah, the fixes are stuck in main due to #48000, unfortunately. |
ShogunPanda
approved these changes
May 31, 2023
github-actions
bot
removed
the
request-ci
Collaborator
Collaborator
lpinca
approved these changes
May 31, 2023
Collaborator
Collaborator
34 tasks
ShogunPanda
added
the
commit-queue
JungMinu
approved these changes
Jun 2, 2023
nodejs-github-bot
removed
the
commit-queue
Collaborator
|
Landed in 2fca7ea |
This was referenced Jun 3, 2023
targos
pushed a commit
that referenced
this pull request
Jun 4, 2023
When establishing a TLS connection to a server with `autoSelectFamily` set to `true`, the `net.Socket` will call `[kWrapConnectedHandle]()` to reinitialize the socket (in case if it got broken during previous connect attempts). Unfortunately, prior to this patch this resulted in a brand new `TLSWrap` instance being created for the socket. While most of the configuration of `TLSWrap` is restored, the `servername` was sadly dropped and not reinitalized. With this patch `servername` will be reinitialized if there are `tls.connect` options present on the `TLSSocket` instance, making it possible to connect with "Happy Eyeballs" to TLS servers that require the servername extension. PR-URL: #48255 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
This was referenced Jun 5, 2023
franciszek-koltuniuk-red
pushed a commit
to franciszek-koltuniuk-red/node
that referenced
this pull request
Jun 7, 2023
When establishing a TLS connection to a server with `autoSelectFamily` set to `true`, the `net.Socket` will call `[kWrapConnectedHandle]()` to reinitialize the socket (in case if it got broken during previous connect attempts). Unfortunately, prior to this patch this resulted in a brand new `TLSWrap` instance being created for the socket. While most of the configuration of `TLSWrap` is restored, the `servername` was sadly dropped and not reinitalized. With this patch `servername` will be reinitialized if there are `tls.connect` options present on the `TLSSocket` instance, making it possible to connect with "Happy Eyeballs" to TLS servers that require the servername extension. PR-URL: nodejs#48255 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
danielleadams
pushed a commit
that referenced
this pull request
Jul 6, 2023
When establishing a TLS connection to a server with `autoSelectFamily` set to `true`, the `net.Socket` will call `[kWrapConnectedHandle]()` to reinitialize the socket (in case if it got broken during previous connect attempts). Unfortunately, prior to this patch this resulted in a brand new `TLSWrap` instance being created for the socket. While most of the configuration of `TLSWrap` is restored, the `servername` was sadly dropped and not reinitalized. With this patch `servername` will be reinitialized if there are `tls.connect` options present on the `TLSSocket` instance, making it possible to connect with "Happy Eyeballs" to TLS servers that require the servername extension. PR-URL: #48255 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
MoLow
pushed a commit
to MoLow/node
that referenced
this pull request
Jul 6, 2023
When establishing a TLS connection to a server with `autoSelectFamily` set to `true`, the `net.Socket` will call `[kWrapConnectedHandle]()` to reinitialize the socket (in case if it got broken during previous connect attempts). Unfortunately, prior to this patch this resulted in a brand new `TLSWrap` instance being created for the socket. While most of the configuration of `TLSWrap` is restored, the `servername` was sadly dropped and not reinitalized. With this patch `servername` will be reinitialized if there are `tls.connect` options present on the `TLSSocket` instance, making it possible to connect with "Happy Eyeballs" to TLS servers that require the servername extension. PR-URL: nodejs#48255 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Ceres6
pushed a commit
to Ceres6/node
that referenced
this pull request
Aug 14, 2023
When establishing a TLS connection to a server with `autoSelectFamily` set to `true`, the `net.Socket` will call `[kWrapConnectedHandle]()` to reinitialize the socket (in case if it got broken during previous connect attempts). Unfortunately, prior to this patch this resulted in a brand new `TLSWrap` instance being created for the socket. While most of the configuration of `TLSWrap` is restored, the `servername` was sadly dropped and not reinitalized. With this patch `servername` will be reinitialized if there are `tls.connect` options present on the `TLSSocket` instance, making it possible to connect with "Happy Eyeballs" to TLS servers that require the servername extension. PR-URL: nodejs#48255 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Ceres6
pushed a commit
to Ceres6/node
that referenced
this pull request
Aug 14, 2023
When establishing a TLS connection to a server with `autoSelectFamily` set to `true`, the `net.Socket` will call `[kWrapConnectedHandle]()` to reinitialize the socket (in case if it got broken during previous connect attempts). Unfortunately, prior to this patch this resulted in a brand new `TLSWrap` instance being created for the socket. While most of the configuration of `TLSWrap` is restored, the `servername` was sadly dropped and not reinitalized. With this patch `servername` will be reinitialized if there are `tls.connect` options present on the `TLSSocket` instance, making it possible to connect with "Happy Eyeballs" to TLS servers that require the servername extension. PR-URL: nodejs#48255 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When establishing a TLS connection to a server with
autoSelectFamilyset totrue, thenet.Socketwill call[kWrapConnectedHandle]()to reinitialize the socket (in case if it got broken during previous connect attempts). Unfortunately, prior to this patch this resulted in a brand newTLSWrapinstance being created for the socket. While most of the configuration ofTLSWrapis restored, theservernamewas sadly dropped and not reinitalized.With this patch
servernamewill be reinitialized if there aretls.connectoptions present on theTLSSocketinstance, making it possible to connect with "Happy Eyeballs" to TLS servers that require the servername extension.