https: evict cached sessions on error

Instead of using the same session over and over, evict it when the socket emits error. This could be used as a mitigation of #3692, until OpenSSL fix will be merged/released. See: #3692 PR-URL: #4982 Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>

Author: indutny

lib/https.js

@@ -83,6 +83,13 @@ function createConnection(port, host, options){
 
 self._cacheSession(options._agentKey,socket.getSession());
 });
+
+// Evict session on error
+socket.once('close',(err)=>{
+if(err)
+this._evictSession(options._agentKey);
+});
+
 returnsocket;
 }
 
@@ -163,6 +170,15 @@ Agent.prototype._cacheSession = function _cacheSession(key, session){
 this._sessionCache.map[key]=session;
 };
 
+Agent.prototype._evictSession=function_evictSession(key){
+constindex=this._sessionCache.list.indexOf(key);
+if(index===-1)
+return;
+
+this._sessionCache.list.splice(index,1);
+deletethis._sessionCache.map[key];
+};
+
 constglobalAgent=newAgent();
 
 exports.globalAgent=globalAgent;

test/parallel/test-https-agent-session-eviction.js

@@ -0,0 +1,88 @@
+'use strict';
+
+constcommon=require('../common');
+
+if(!common.hasCrypto){
+console.log('1..0 # Skipped: missing crypto');
+return;
+}
+
+constassert=require('assert');
+consthttps=require('https');
+constfs=require('fs');
+constconstants=require('constants');
+
+constoptions={
+key: fs.readFileSync(common.fixturesDir+'/keys/agent1-key.pem'),
+cert: fs.readFileSync(common.fixturesDir+'/keys/agent1-cert.pem'),
+secureOptions: constants.SSL_OP_NO_TICKET
+};
+
+// Create TLS1.2 server
+https.createServer(options,function(req,res){
+res.end('ohai');
+}).listen(common.PORT,function(){
+first(this);
+});
+
+// Do request and let agent cache the session
+functionfirst(server){
+constreq=https.request({
+port: common.PORT,
+rejectUnauthorized: false
+},function(res){
+res.resume();
+
+server.close(function(){
+faultyServer();
+});
+});
+req.end();
+}
+
+// Create TLS1 server
+functionfaultyServer(){
+options.secureProtocol='TLSv1_method';
+https.createServer(options,function(req,res){
+res.end('hello faulty');
+}).listen(common.PORT,function(){
+second(this);
+});
+}
+
+// Attempt to request using cached session
+functionsecond(server,session){
+constreq=https.request({
+port: common.PORT,
+rejectUnauthorized: false
+},function(res){
+res.resume();
+});
+
+// Let it fail
+req.on('error',common.mustCall(function(err){
+assert(/wrongversionnumber/.test(err.message));
+
+req.on('close',function(){
+third(server);
+});
+}));
+req.end();
+}
+
+// Try on more time - session should be evicted!
+functionthird(server){
+constreq=https.request({
+port: common.PORT,
+rejectUnauthorized: false
+},function(res){
+res.resume();
+assert(!req.socket.isSessionReused());
+server.close();
+});
+req.on('error',function(err){
+// never called
+assert(false);
+});
+req.end();
+}