tls: use the most recently added matching SecureContext in default SN…

doc/api/tls.md

@@ -627,6 +627,9 @@ added: v0.5.3
 The `server.addContext()` method adds a secure context that will be used if
 the client request's SNI name matches the supplied `hostname` (or wildcard).
 
+When there are multiple matching contexts, the most recently added one is
+used.
+
 ### `server.address()`
 <!-- YAML
 added: v0.6.0

lib/_tls_wrap.js

@@ -1458,7 +1458,8 @@ Server.prototype[EE.captureRejectionSymbol] = function(
 function SNICallback(servername, callback) {
  const contexts = this.server._contexts;
 
- for (const elem of contexts) {
+ for (let i = contexts.length - 1; i >= 0; --i) {
+ const elem = contexts[i];
  if (RegExpPrototypeTest(elem[0], servername)) {
  callback(null, elem[1]);
  return;

test/parallel/test-tls-secure-context-usage-order.js

@@ -0,0 +1,99 @@
+'use strict';
+const common = require('../common');
+const fixtures = require('../common/fixtures');
+
+if (!common.hasCrypto)
+ common.skip('missing crypto');
+
+// This test ensures that when a TLS connection is established, the server
+// selects the most recently added SecureContext that matches the servername.
+
+const assert = require('assert');
+const tls = require('tls');
+
+function loadPEM(n) {
+ return fixtures.readKey(`${n}.pem`);
+}
+
+const serverOptions = {
+ key: loadPEM('agent2-key'),
+ cert: loadPEM('agent2-cert'),
+ requestCert: true,
+ rejectUnauthorized: false,
+};
+
+const badSecureContext = {
+ key: loadPEM('agent1-key'),
+ cert: loadPEM('agent1-cert'),
+ ca: [ loadPEM('ca2-cert') ]
+};
+
+const goodSecureContext = {
+ key: loadPEM('agent1-key'),
+ cert: loadPEM('agent1-cert'),
+ ca: [ loadPEM('ca1-cert') ]
+};
+
+const server = tls.createServer(serverOptions, (c) => {
+ // The 'a' and 'b' subdomains are used to distinguish between client
+ // connections.
+ // Connection to subdomain 'a' is made when the 'bad' secure context is
+ // the only one in use.
+ if ('a.example.com' === c.servername) {
+ assert.strictEqual(c.authorized, false);
+ }
+ // Connection to subdomain 'b' is made after the 'good' context has been
+ // added.
+ if ('b.example.com' === c.servername) {
+ assert.strictEqual(c.authorized, true);
+ }
+});
+
+// 1. Add the 'bad' secure context. A connection using this context will not be
+// authorized.
+server.addContext('*.example.com', badSecureContext);
+
+server.listen(0, () => {
+ const options = {
+ port: server.address().port,
+ key: loadPEM('agent1-key'),
+ cert: loadPEM('agent1-cert'),
+ ca: [loadPEM('ca1-cert')],
+ servername: 'a.example.com',
+ rejectUnauthorized: false,
+ };
+
+ // 2. Make a connection using servername 'a.example.com'. Since a 'bad'
+ // secure context is used, this connection should not be authorized.
+ const client = tls.connect(options, () => {
+ client.end();
+ });
+
+ client.on('close', common.mustCall(() => {
+ // 3. Add a 'good' secure context.
+ server.addContext('*.example.com', goodSecureContext);
+
+ options.servername = 'b.example.com';
+ // 4. Make a connection using servername 'b.example.com'. This connection
+ // should be authorized because the 'good' secure context is the most
+ // recently added matching context.
+
+ const other = tls.connect(options, () => {
+ other.end();
+ });
+
+ other.on('close', common.mustCall(() => {
+ // 5. Make another connection using servername 'b.example.com' to ensure
+ // that the array of secure contexts is not reversed in place with each
+ // SNICallback call, as someone might be tempted to refactor this piece of
+ // code by using Array.prototype.reverse() method.
+ const onemore = tls.connect(options, () => {
+ onemore.end();
+ });
+
+ onemore.on('close', common.mustCall(() => {
+ server.close();
+ }));
+ }));
+ }));
+});