tls: do not crash on STARTTLS when OCSP requested

`TLSSocket` should not have a hard dependency on `tls.Server`, since it may be running without it in cases like `STARTTLS`. Fix: #10704 PR-URL: #10706 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>

Author: indutny

lib/_tls_wrap.js

@@ -110,6 +110,13 @@ function requestOCSP(self, hello, ctx, cb){
 
 if(!ctx)
 ctx=self.server._sharedCreds;
+
+// TLS socket is using a `net.Server` instead of a tls.TLSServer.
+// Some TLS properties like `server._sharedCreds` will not be present
+if(!ctx)
+returncb(null);
+
+// TODO(indutny): eventually disallow raw `SecureContext`
 if(ctx.context)
 ctx=ctx.context;
 

test/parallel/test-tls-starttls-server.js

@@ -0,0 +1,53 @@
+'use strict';
+
+// Test asynchronous SNI+OCSP on TLSSocket created with `server` set to
+// `net.Server` instead of `tls.Server`
+
+constcommon=require('../common');
+
+if(!common.hasCrypto){
+common.skip('missing crypto');
+return;
+}
+
+constassert=require('assert');
+constfs=require('fs');
+constnet=require('net');
+consttls=require('tls');
+
+constkey=fs.readFileSync(common.fixturesDir+'/keys/agent1-key.pem');
+constcert=fs.readFileSync(common.fixturesDir+'/keys/agent1-cert.pem');
+
+constserver=net.createServer(common.mustCall((s)=>{
+consttlsSocket=newtls.TLSSocket(s,{
+isServer: true,
+server: server,
+
+secureContext: tls.createSecureContext({
+key: key,
+cert: cert
+}),
+
+SNICallback: common.mustCall((hostname,callback)=>{
+assert.strictEqual(hostname,'test.test');
+
+callback(null,null);
+})
+});
+
+tlsSocket.on('secure',common.mustCall(()=>{
+tlsSocket.end();
+server.close();
+}));
+})).listen(0,()=>{
+constopts={
+servername: 'test.test',
+port: server.address().port,
+rejectUnauthorized: false,
+requestOCSP: true
+};
+
+tls.connect(opts,function(){
+this.end();
+});
+});