tls: do not crash on STARTTLS when OCSP requested

[indutny]

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• documentation is changed or added
• commit message follows commit guidelines

Affected core subsystem(s)

tls

TLSSocket should not have a hard dependency on tls.Server, since it
may be running without it in cases like STARTTLS.

Fix: #10704

[indutny]

cc @nodejs/crypto

[indutny]

cc @nodejs/collaborators

[jasnell]

this looks like semver-patch but just to be safe, is there any possibility that this could break anything? (I highly doubt it but given the removal of the requirement there's always a slight possibility)

[cjihrig]

Can you change this to assert.strictEqual().

[indutny]

Fixed, and removed that console.log() below.

[indutny]

@jasnell no possibility, everything that hit that code path was broken until this patch

[sam-github]

can just use this, and delete the const client =

[indutny]

Ack.

[sam-github]

sort requires

[indutny]

Ack

[sam-github]

From https://github.com/nodejs/node/blob/master/doc/api/tls.md#tlscreateserveroptions-secureconnectionlistener

SNICallback should invoke cb(null, ctx), where ctx is a SecureContext instance.

Is (null, null) valid? Should it be valid?

[indutny]

Yes, it is valid and it should be valid.

[sam-github]

https://github.com/nodejs/node/blob/master/doc/guides/writing-tests.md#test-structure

A test should start with a comment containing a brief description of what it is designed to test.

[indutny]

Ack

[sam-github]

One suggested tweek to in-source comment, otherwise LGTM

[sam-github]

This comment confused me when I read it, and I only understood when reading the unit test and PR history. Can I suggest:

TLS socket is using a net.Server, instead of a tls.TLSServer, so some TLS properties will not be present.

[sam-github]

ping

[bnoordhuis]

Agreed this comment is rather cryptic.

[webertrlz]

Do you have any information on when this will be merged and released?

[sam-github]

@nodejs/crypto a review from one of you is required, I believe.

[bnoordhuis]

LGTM if you clarify the comment.

[bnoordhuis]

Agreed this comment is rather cryptic.

[webertrlz]

Is it possible to catch this crash as an exception? I didn't succeed so far. This would be a good workaround until this is packaged.

[indutny]

Pushed the fix to the comment, PTAL. Landing if the wording is fine.

[bnoordhuis]

LGTM with a suggestion.

[bnoordhuis]

Consider giving one or two examples of properties that won't be there.

[indutny]

@bnoordhuis ACK

[addaleax]

CI: https://ci.nodejs.org/job/node-test-commit/8076/

[webertrlz]

hello,

sorry for asking this but I'd like to know if there is any planning on merging+packaging this PR.
otherwise I'll have to build a version with this fix for my production environment.

Thanks.

[jasnell]

@webertrlz Yes, this should land assuming that CI comes back good.

[sam-github]

Landed in a1802e6

[sam-github]

Won't show up packaged until the next 7.x release, which will be a couple weeks at least.

[webertrlz]

The post above means that it won't go packaged for 6.XX LTS?

[addaleax]

@webertrlz The rules are that changes first have to live an a Current release for two weeks before they are applied to the LTS branches. This change will almost certainly be available in the next one or two v6.x releases, and probably v4.x as well.

[webertrlz]

@addaleax understood! Thanks!