http: servername === false should disable SNI

indutny · targos · commit f882c9b09bac · 2019-04-30T17:47:27.000+02:00
There is no way to disable SNI extension when sending a request to HTTPS server. Setting `options.servername` to a falsy value would make Node.js core override it with either hostname or ip address. This change introduces a way to disable SNI completely if this is required for user's application. Setting `options.servername` to `` in `https.request` would disable overrides and thus disable the extension. PR-URL: #27316 Reviewed-By: Steven R Loomis <srloomis@us.ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
diff --git a/doc/api/https.md b/doc/api/https.md
@@ -29,6 +29,10 @@ An [`Agent`][] object for HTTPS similar to [`http.Agent`][]. See
   Can have the same fields as for [`http.Agent(options)`][], and
   * `maxCachedSessions` {number} maximum number of TLS cached sessions.
     Use `0` to disable TLS session caching. **Default:** `100`.
+  * `servername` {string} the value of
+    [Server Name Indication extension][sni wiki] to be sent to the server. Use
+    empty string `''` to disable sending the extension.
+    **Default:** hostname or IP address of the target server.
 
     See [`Session Resumption`][] for infomation about TLS session reuse.
 
@@ -406,3 +410,4 @@ headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; p
 [`tls.createSecureContext()`]: tls.html#tls_tls_createsecurecontext_options
 [`tls.createServer()`]: tls.html#tls_tls_createserver_options_secureconnectionlistener
 [`Session Resumption`]: tls.html#tls_session_resumption
+[sni wiki]: https://en.wikipedia.org/wiki/Server_Name_Indication
diff --git a/lib/_http_agent.js b/lib/_http_agent.js
@@ -151,7 +151,7 @@ Agent.prototype.addRequest = function addRequest(req, options, port/* legacy */,
   if (options.socketPath)
     options.path = options.socketPath;
 
-  if (!options.servername)
+  if (!options.servername && options.servername !== '')
     options.servername = calculateServerName(options, req);
 
   const name = this.getName(options);
@@ -198,7 +198,7 @@ Agent.prototype.createSocket = function createSocket(req, options, cb) {
   if (options.socketPath)
     options.path = options.socketPath;
 
-  if (!options.servername)
+  if (!options.servername && options.servername !== '')
     options.servername = calculateServerName(options, req);
 
   const name = this.getName(options);
diff --git a/test/parallel/test-https-agent-sni.js b/test/parallel/test-https-agent-sni.js
@@ -18,17 +18,21 @@ let waiting = TOTAL;
 const server = https.Server(options, function(req, res) {
   if (--waiting === 0) server.close();
 
-  res.writeHead(200, {
-    'x-sni': req.socket.servername
-  });
+  const servername = req.socket.servername;
+
+  if (servername !== false) {
+    res.setHeader('x-sni', servername);
+  }
+
   res.end('hello world');
 });
 
 server.listen(0, function() {
   function expectResponse(id) {
     return common.mustCall(function(res) {
       res.resume();
-      assert.strictEqual(res.headers['x-sni'], `sni.${id}`);
+      assert.strictEqual(res.headers['x-sni'],
+                         id === false ? undefined : `sni.${id}`);
     });
   }
 
@@ -46,4 +50,13 @@ server.listen(0, function() {
       rejectUnauthorized: false
     }, expectResponse(j));
   }
+  https.get({
+    agent: agent,
+
+    path: '/',
+    port: this.address().port,
+    host: '127.0.0.1',
+    servername: '',
+    rejectUnauthorized: false
+  }, expectResponse(false));
 });
