-
Notifications
You must be signed in to change notification settings - Fork 565
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(#3817): send servername for SNI on TLS #3821
Conversation
The test should cover the problem, but if anything better, let me know |
This does solve the certificate error but it still doesn't correctly pass the SNI, for example the following code returns a 404: request("https://example.com", {
dispatcher: new Agent().compose(interceptors.dns()),
}).then(res => res.body.text()).then(console.log); Is this just a limitation of interceptors? |
Not sure I follow. 404 is not an SNI error? |
@metcoder95 don't we also need to update the host header to the original url before dns lookup? See https://github.com/nxtedition/nxt-undici/blob/45de148436285d5063ec78aaf6360d0c121fe8ad/lib/interceptor/dns.js#L71-L88 i.e. we convert a dns name to an ip adress before reaching the connection layer, however the intended dns name still needs to be represented in the host header. |
Yeah, I'm sorry, I confused the server name with host; the problem is indeed the Host header and can confirm it works fine when it is manually passed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Interesting that this PR doesn't fix that. Don't we always pass servername as host header? |
Noup, I tried to assess that but we were always passing the resolved IP instead (which was set as the new origin). Maybe I overlooked that but can double check. Update: Yeah, it wasn't doing it. It was setting the Good catch on the host header, I will add it 👍 |
@ronag ptal |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should do it regardless of https or http
@metcoder95 ping? |
Sorry, was off last week and still catching up. I'll work on this over the week |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-v6.x v6.x
# Navigate to the new working tree
cd .worktrees/backport-v6.x
# Create a new branch
git switch --create backport-3821-to-v6.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 b93a83447a99fecf41a09c1b6857ae855a2254c9
# Push it to GitHub
git push --set-upstream origin backport-3821-to-v6.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-v6.x Then, create a pull request where the |
This relates to...
Fixes #3817
Rationale
Changes
Features
Bug Fixes
Breaking Changes and Deprecations
Status