Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 53cc16c

Browse filesBrowse files
sam-githubBridgeAR
sam-github
authored and
BridgeAR
committed
https: do not automatically use invalid servername
Stop automatically setting servername in https.request() if the target host is specified with an IP address. Doing so is invalid, and triggers a deprecation warning. It is still possible to send an IP address as a servername if its required, but it needs to be explicity configured, it won't happen automatically. PR-URL: #28209 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
1 parent 5fddde6 commit 53cc16c
Copy full SHA for 53cc16c

File tree

Expand file treeCollapse file tree

3 files changed

+16
-2
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

3 files changed

+16
-2
lines changed
Open diff view settings
Collapse file

‎doc/api/https.md‎

Copy file name to clipboardExpand all lines: doc/api/https.md
+10-2Lines changed: 10 additions & 2 deletions
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -24,15 +24,23 @@ An [`Agent`][] object for HTTPS similar to [`http.Agent`][]. See
2424
[`https.request()`][] for more information.
2525

2626
### new Agent([options])
27-
27+
<!-- YAML
28+
changes:
29+
- version: REPLACEME
30+
pr-url: https://github.com/nodejs/node/pull/28209
31+
description: do not automatically set servername if the target host was
32+
specified using an IP address.
33+
-->
2834
* `options` {Object} Set of configurable options to set on the agent.
2935
Can have the same fields as for [`http.Agent(options)`][], and
3036
* `maxCachedSessions` {number} maximum number of TLS cached sessions.
3137
Use `0` to disable TLS session caching. **Default:** `100`.
3238
* `servername` {string} the value of
3339
[Server Name Indication extension][sni wiki] to be sent to the server. Use
3440
empty string `''` to disable sending the extension.
35-
**Default:** hostname or IP address of the target server.
41+
**Default:** hostname of the target server, unless the target server
42+
is specified using an IP address, in which case the default is `''` (no
43+
extension).
3644

3745
See [`Session Resumption`][] for infomation about TLS session reuse.
3846

Collapse file

‎lib/_http_agent.js‎

Copy file name to clipboardExpand all lines: lib/_http_agent.js
+3Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -256,6 +256,9 @@ function calculateServerName(options, req) {
256256
servername = hostHeader.split(':', 1)[0];
257257
}
258258
}
259+
// Don't implicitly set invalid (IP) servernames.
260+
if (net.isIP(servername))
261+
servername = '';
259262
return servername;
260263
}
261264

Collapse file

‎test/parallel/test-https-simple.js‎

Copy file name to clipboardExpand all lines: test/parallel/test-https-simple.js
+3Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,9 @@ if (!common.hasCrypto)
2929
const assert = require('assert');
3030
const https = require('https');
3131

32+
// Assert that the IP-as-servername deprecation warning does not occur.
33+
process.on('warning', common.mustNotCall());
34+
3235
const options = {
3336
key: fixtures.readKey('agent1-key.pem'),
3437
cert: fixtures.readKey('agent1-cert.pem')

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.