From e69ea78974ce189b4484d38dc3a1eec29a1eb540 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Sat, 23 Dec 2017 09:01:58 +0100
Subject: [PATCH] tls: fix SNICallback without .server option

`options.server` only needs to be set when its
contents are actually being inspected.

PR-URL: https://github.com/nodejs/node/pull/17835
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 lib/_tls_wrap.js                              |  3 +--
 ...t-tls-socket-snicallback-without-server.js | 26 +++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 test/parallel/test-tls-socket-snicallback-without-server.js

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 3a1b8753f0d08d..062fdd402bcf2d 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -511,9 +511,8 @@ TLSSocket.prototype._init = function(socket, wrap) {
   if (process.features.tls_sni &&
       options.isServer &&
       options.SNICallback &&
-      options.server &&
       (options.SNICallback !== SNICallback ||
-       options.server._contexts.length)) {
+       (options.server && options.server._contexts.length))) {
     assert(typeof options.SNICallback === 'function');
     this._SNICallback = options.SNICallback;
     ssl.enableCertCb();
diff --git a/test/parallel/test-tls-socket-snicallback-without-server.js b/test/parallel/test-tls-socket-snicallback-without-server.js
new file mode 100644
index 00000000000000..9d30bc17b96b65
--- /dev/null
+++ b/test/parallel/test-tls-socket-snicallback-without-server.js
@@ -0,0 +1,26 @@
+'use strict';
+
+// This is based on test-tls-securepair-fiftharg.js
+// for the deprecated `tls.createSecurePair()` variant.
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+const makeDuplexPair = require('../common/duplexpair');
+
+const { clientSide, serverSide } = makeDuplexPair();
+new tls.TLSSocket(serverSide, {
+  isServer: true,
+  SNICallback: common.mustCall((servername, cb) => {
+    assert.strictEqual(servername, 'www.google.com');
+  })
+});
+
+// captured traffic from browser's request to https://www.google.com
+const sslHello = fixtures.readSync('google_ssl_hello.bin');
+
+clientSide.write(sslHello);