diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 394a34c51c..ebd36519cf 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -110,6 +110,13 @@ function requestOCSP(self, hello, ctx, cb) { if (!ctx) ctx = self.server._sharedCreds; + + // TLS socket is using a `net.Server` instead of a tls.TLSServer. + // Some TLS properties like `server._sharedCreds` will not be present + if (!ctx) + return cb(null); + + // TODO(indutny): eventually disallow raw `SecureContext` if (ctx.context) ctx = ctx.context; diff --git a/test/parallel/test-tls-starttls-server.js b/test/parallel/test-tls-starttls-server.js new file mode 100644 index 0000000000..ca6a00b25d --- /dev/null +++ b/test/parallel/test-tls-starttls-server.js @@ -0,0 +1,53 @@ +'use strict'; + +// Test asynchronous SNI+OCSP on TLSSocket created with `server` set to +// `net.Server` instead of `tls.Server` + +const common = require('../common'); + +if (!common.hasCrypto) { + common.skip('missing crypto'); + return; +} + +const assert = require('assert'); +const fs = require('fs'); +const net = require('net'); +const tls = require('tls'); + +const key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'); +const cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'); + +const server = net.createServer(common.mustCall((s) => { + const tlsSocket = new tls.TLSSocket(s, { + isServer: true, + server: server, + + secureContext: tls.createSecureContext({ + key: key, + cert: cert + }), + + SNICallback: common.mustCall((hostname, callback) => { + assert.strictEqual(hostname, 'test.test'); + + callback(null, null); + }) + }); + + tlsSocket.on('secure', common.mustCall(() => { + tlsSocket.end(); + server.close(); + })); +})).listen(0, () => { + const opts = { + servername: 'test.test', + port: server.address().port, + rejectUnauthorized: false, + requestOCSP: true + }; + + tls.connect(opts, function() { + this.end(); + }); +});