http2: omit server name when HTTP2 host is IP address

islandryu · marco-ippolito · commit 4c24ef8f7114 · 2025-03-06T13:38:14.000+01:00
Fixes: #56189 PR-URL: #56530 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
diff --git a/lib/internal/http2/core.js b/lib/internal/http2/core.js
@@ -645,15 +645,21 @@ function initOriginSet(session){
 if (originSet === undefined){
 const socket = session[kSocket];
 session[kState].originSet = originSet = new SafeSet();
- if (socket.servername != null){
- let originString = `https://${socket.servername}`;
- if (socket.remotePort != null)
- originString += `:${socket.remotePort}`;
- // We have to ensure that it is a properly serialized
- // ASCII origin string. The socket.servername might not
- // be properly ASCII encoded.
- originSet.add(getURLOrigin(originString));
+ let hostName = socket.servername;
+ if (hostName === null || hostName === false){
+ if (socket.remoteFamily === 'IPv6'){
+ hostName = `[${socket.remoteAddress}]`;
+ } else{
+ hostName = socket.remoteAddress;
+ }
 }
+ let originString = `https://${hostName}`;
+ if (socket.remotePort != null)
+ originString += `:${socket.remotePort}`;
+ // We have to ensure that it is a properly serialized
+ // ASCII origin string. The socket.servername might not
+ // be properly ASCII encoded.
+ originSet.add(getURLOrigin(originString));
 }
 return originSet;
 }
@@ -3352,7 +3358,7 @@ function connect(authority, options, listener){
 socket = net.connect({port, host, ...options });
 break;
 case 'https:':
- socket = tls.connect(port, host, initializeTLSOptions(options, host));
+ socket = tls.connect(port, host, initializeTLSOptions(options, net.isIP(host) ? undefined : host));
 break;
 default:
 throw new ERR_HTTP2_UNSUPPORTED_PROTOCOL(protocol);
diff --git a/test/parallel/test-http2-ip-address-host.js b/test/parallel/test-http2-ip-address-host.js
@@ -0,0 +1,53 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto){common.skip('missing crypto')}
+const assert = require('assert');
+const fixtures = require('../common/fixtures');
+const h2 = require('http2');
+
+function loadKey(keyname){
+ return fixtures.readKey(keyname, 'binary');
+}
+
+const key = loadKey('agent8-key.pem');
+const cert = fixtures.readKey('agent8-cert.pem');
+
+const server = h2.createSecureServer({key, cert });
+const hasIPv6 = common.hasIPv6;
+const testCount = hasIPv6 ? 2 : 1;
+
+server.on('stream', common.mustCall((stream) =>{
+ const session = stream.session;
+ assert.strictEqual(session.servername, undefined);
+ stream.respond({'content-type': 'application/json' });
+ stream.end(JSON.stringify({
+ servername: session.servername,
+ originSet: session.originSet
+ })
+ );
+}, testCount));
+
+let done = 0;
+
+server.listen(0, common.mustCall(() =>{
+ function handleRequest(url){
+ const client = h2.connect(url,
+{rejectUnauthorized: false });
+ const req = client.request();
+ let data = '';
+ req.setEncoding('utf8');
+ req.on('data', (d) => data += d);
+ req.on('end', common.mustCall(() =>{
+ const originSet = req.session.originSet;
+ assert.strictEqual(originSet[0], url);
+ client.close();
+ if (++done === testCount) server.close();
+ }));
+ }
+
+ const ipv4Url = `https://127.0.0.1:${server.address().port}`;
+ const ipv6Url = `https://[::1]:${server.address().port}`;
+ handleRequest(ipv4Url);
+ if (hasIPv6) handleRequest(ipv6Url);
+}));

-Original file line number
+Diff line change
 if(originSet===undefined){
 constsocket=session[kSocket];
 session[kState].originSet=originSet=newSafeSet();
 -if(socket.servername!=null){
 -letoriginString=`https://${socket.servername}`;
 -if(socket.remotePort!=null)
 -originString+=`:${socket.remotePort}`;
 -// We have to ensure that it is a properly serialized
 -// ASCII origin string. The socket.servername might not
 -// be properly ASCII encoded.
 -originSet.add(getURLOrigin(originString));
 +lethostName=socket.servername;
 +if(hostName===null||hostName===false){
 +if(socket.remoteFamily==='IPv6'){
 +hostName=`[${socket.remoteAddress}]`;
 +}else{
 +hostName=socket.remoteAddress;
 +}
+}
 +letoriginString=`https://${hostName}`;
 +if(socket.remotePort!=null)
 +originString+=`:${socket.remotePort}`;
 +// We have to ensure that it is a properly serialized
 +// ASCII origin string. The socket.servername might not
 +// be properly ASCII encoded.
 +originSet.add(getURLOrigin(originString));
+}
 returnoriginSet;
+}
 socket=net.connect({ port, host, ...options});
 break;
 case'https:':
 -socket=tls.connect(port,host,initializeTLSOptions(options,host));
 +socket=tls.connect(port,host,initializeTLSOptions(options,net.isIP(host) ? undefined : host));
 break;
 default:
 thrownewERR_HTTP2_UNSUPPORTED_PROTOCOL(protocol);
-Original file line number
+Diff line change
@@ @@ -0,0 +1,53 @@ @@
 +'use strict';
++
 +constcommon=require('../common');
 +if(!common.hasCrypto){common.skip('missing crypto');}
 +constassert=require('assert');
 +constfixtures=require('../common/fixtures');
 +consth2=require('http2');
++
 +functionloadKey(keyname){
 +returnfixtures.readKey(keyname,'binary');
 +}
++
 +constkey=loadKey('agent8-key.pem');
 +constcert=fixtures.readKey('agent8-cert.pem');
++
 +constserver=h2.createSecureServer({ key, cert });
 +consthasIPv6=common.hasIPv6;
 +consttestCount=hasIPv6 ? 2 : 1;
++
 +server.on('stream',common.mustCall((stream)=>{
 +constsession=stream.session;
 +assert.strictEqual(session.servername,undefined);
 +stream.respond({'content-type': 'application/json'});
 +stream.end(JSON.stringify({
 +servername: session.servername,
 +originSet: session.originSet
 +})
 +);
 +},testCount));
++
 +letdone=0;
++
 +server.listen(0,common.mustCall(()=>{
 +functionhandleRequest(url){
 +constclient=h2.connect(url,
 +{rejectUnauthorized: false});
 +constreq=client.request();
 +letdata='';
 +req.setEncoding('utf8');
 +req.on('data',(d)=>data+=d);
 +req.on('end',common.mustCall(()=>{
 +constoriginSet=req.session.originSet;
 +assert.strictEqual(originSet[0],url);
 +client.close();
 +if(++done===testCount)server.close();
 +}));
 +}
++
 +constipv4Url=`https://127.0.0.1:${server.address().port}`;
 +constipv6Url=`https://[::1]:${server.address().port}`;
 +handleRequest(ipv4Url);
 +if(hasIPv6)handleRequest(ipv6Url);
 +}));