diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 029d9ac26f..cdb5817fa6 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -171,7 +171,11 @@ function oncertcb(info) { if (!self._handle) return self.destroy(new Error('Socket is closed')); - self._handle.certCbDone(); + try { + self._handle.certCbDone(); + } catch (e) { + self.destroy(e); + } }); }); } diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js new file mode 100644 index 0000000000..a3089b9de3 --- /dev/null +++ b/test/parallel/test-tls-empty-sni-context.js @@ -0,0 +1,42 @@ +'use strict'; + +if (!process.features.tls_sni) { + console.log('1..0 # Skipped: node compiled without OpenSSL or ' + + 'with old OpenSSL version.'); + return; +} + +const common = require('../common'); +const assert = require('assert'); + +if (!common.hasCrypto) { + console.log('1..0 # Skipped: missing crypto'); + return; +} + +const tls = require('tls'); + +const options = { + SNICallback: (name, callback) => { + callback(null, tls.createSecureContext()); + } +}; + +const server = tls.createServer(options, (c) => { + common.fail('Should not be called'); +}).on('tlsClientError', common.mustCall((err, c) => { + assert(/SSL_use_certificate:passed a null parameter/i.test(err.message)); + server.close(); +})).listen(common.PORT, common.mustCall(() => { + const c = tls.connect({ + port: common.PORT, + rejectUnauthorized: false, + servername: 'any.name' + }, () => { + common.fail('Should not be called'); + }); + + c.on('error', common.mustCall((err) => { + assert(/socket hang up/.test(err.message)); + })); +}));