http2: omit server name when HTTP2 host is IP address

Fixes: nodejs#56189
islandryu · Dec 29, 2024 · 967ca2b · 967ca2b
1 parent 67b647e
commit 967ca2b
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 3 deletions.
diff --git a/lib/internal/http2/core.js b/lib/internal/http2/core.js
@@ -231,6 +231,7 @@ const TLSServer = tls.Server;
 const kAlpnProtocol = Symbol('alpnProtocol');
 const kAuthority = Symbol('authority');
 const kEncrypted = Symbol('encrypted');
+const kHost = Symbol('host');
 const kID = Symbol('id');
 const kInit = Symbol('init');
 const kInfoHeaders = Symbol('sent-info-headers');
@@ -636,8 +637,10 @@ function initOriginSet(session) {
   if (originSet === undefined) {
     const socket = session[kSocket];
     session[kState].originSet = originSet = new SafeSet();
-    if (socket.servername != null) {
-      let originString = `https://${socket.servername}`;
+    const hostName = (socket.servername !== null && socket.servername !== false) ?
+      socket.servername : session[kHost];
+    if (hostName) {
+      let originString = `https://${hostName}`;
       if (socket.remotePort != null)
         originString += `:${socket.remotePort}`;
       // We have to ensure that it is a properly serialized
@@ -3333,7 +3336,7 @@ function connect(authority, options, listener) {
         socket = net.connect({ port, host, ...options });
         break;
       case 'https:':
-        socket = tls.connect(port, host, initializeTLSOptions(options, host));
+        socket = tls.connect(port, host, initializeTLSOptions(options, net.isIP(host) ? undefined : host));
         break;
       default:
         throw new ERR_HTTP2_UNSUPPORTED_PROTOCOL(protocol);
@@ -3342,6 +3345,7 @@ function connect(authority, options, listener) {
 
   const session = new ClientHttp2Session(options, socket);
 
+  session[kHost] = host;
   session[kAuthority] = `${options.servername || host}:${port}`;
   session[kProtocol] = protocol;
 

diff --git a/test/parallel/test-http2-ip-address-host.js b/test/parallel/test-http2-ip-address-host.js
@@ -0,0 +1,38 @@
+'use strict';
+
+const common = require('../common'); if (!common.hasCrypto) { common.skip('missing crypto'); };
+const assert = require('assert');
+const fixtures = require('../common/fixtures');
+const h2 = require('http2');
+
+function loadKey(keyname) {
+  return fixtures.readKey(keyname, 'binary');
+}
+
+const key = loadKey('agent8-key.pem');
+const cert = fixtures.readKey('agent8-cert.pem');
+
+const server = h2.createSecureServer({ key, cert });
+server.on('stream', common.mustCall((stream) => {
+  const session = stream.session;
+  assert.strictEqual(session.servername, undefined);
+  stream.respond({ 'content-type': 'application/json' });
+  stream.end(JSON.stringify({
+    servername: session.servername,
+    originSet: session.originSet
+  })
+  );
+}));
+server.on('close', common.mustCall());
+server.listen(0, common.mustCall(() => {
+  const client = h2.connect(`https://127.0.0.1:${server.address().port}`,
+                            { rejectUnauthorized: false });
+  const req = client.request();
+  let data = '';
+  req.setEncoding('utf8');
+  req.on('data', (d) => data += d);
+  req.on('end', common.mustCall(() => {
+    server.close(common.mustSucceed());
+    client.close();
+  }));
+}));