Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http2: omit server name when HTTP2 host is IP address #56530

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 15 additions & 9 deletions lib/internal/http2/core.js
Original file line number Diff line number Diff line change
Expand Up @@ -636,15 +636,21 @@ function initOriginSet(session) {
if (originSet === undefined) {
const socket = session[kSocket];
session[kState].originSet = originSet = new SafeSet();
if (socket.servername != null) {
let originString = `https://${socket.servername}`;
if (socket.remotePort != null)
originString += `:${socket.remotePort}`;
// We have to ensure that it is a properly serialized
// ASCII origin string. The socket.servername might not
// be properly ASCII encoded.
originSet.add(getURLOrigin(originString));
let hostName = socket.servername;
if (hostName === null || hostName === false) {
if (socket.remoteFamily === 'IPv6') {
hostName = `[${socket.remoteAddress}]`;
} else {
hostName = socket.remoteAddress;
}
Comment on lines +639 to +645
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Host: the value sent in Server Name Indication (SNI) ([RFC6066],
Section 3) converted to lower case; if SNI is not present, the
remote address of the connection (i.e., the server's IP address)

According to RFC 8336, when the server name is not set, the server's address should be used instead.

}
let originString = `https://${hostName}`;
if (socket.remotePort != null)
originString += `:${socket.remotePort}`;
// We have to ensure that it is a properly serialized
// ASCII origin string. The socket.servername might not
// be properly ASCII encoded.
originSet.add(getURLOrigin(originString));
}
return originSet;
}
Expand Down Expand Up @@ -3333,7 +3339,7 @@ function connect(authority, options, listener) {
socket = net.connect({ port, host, ...options });
break;
case 'https:':
socket = tls.connect(port, host, initializeTLSOptions(options, host));
socket = tls.connect(port, host, initializeTLSOptions(options, net.isIP(host) ? undefined : host));
break;
default:
throw new ERR_HTTP2_UNSUPPORTED_PROTOCOL(protocol);
Expand Down
53 changes: 53 additions & 0 deletions test/parallel/test-http2-ip-address-host.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
'use strict';

const common = require('../common');
if (!common.hasCrypto) { common.skip('missing crypto'); };
const assert = require('assert');
const fixtures = require('../common/fixtures');
const h2 = require('http2');

function loadKey(keyname) {
return fixtures.readKey(keyname, 'binary');
}

const key = loadKey('agent8-key.pem');
const cert = fixtures.readKey('agent8-cert.pem');

const server = h2.createSecureServer({ key, cert });
const hasIPv6 = common.hasIPv6;
const testCount = hasIPv6 ? 2 : 1;

server.on('stream', common.mustCall((stream) => {
const session = stream.session;
assert.strictEqual(session.servername, undefined);
stream.respond({ 'content-type': 'application/json' });
stream.end(JSON.stringify({
servername: session.servername,
originSet: session.originSet
})
);
}, testCount));

let done = 0;

server.listen(0, common.mustCall(() => {
function handleRequest(url) {
const client = h2.connect(url,
{ rejectUnauthorized: false });
const req = client.request();
let data = '';
req.setEncoding('utf8');
req.on('data', (d) => data += d);
req.on('end', common.mustCall(() => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't the requests be done in parallel? Then server can be closed with something in the listeners of 'end' events

if (++done === 2) server.close();

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've made some adjustments to process the requests in parallel.

const originSet = req.session.originSet;
assert.strictEqual(originSet[0], url);
client.close();
if (++done === testCount) server.close();
}));
}

const ipv4Url = `https://127.0.0.1:${server.address().port}`;
const ipv6Url = `https://[::1]:${server.address().port}`;
handleRequest(ipv4Url);
if (hasIPv6) handleRequest(ipv6Url);
}));
Loading