diff options
| author | Matt Mastracci <matthew@mastracci.com> | 2024-04-18 09:37:47 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-18 09:37:47 -0600 |
| commit | 5e2a747685490b31efa778241fccf938bd33722d (patch) | |
| tree | 6ede300e32bf57942ba0bf4ddae8d4eb02026e5a /ext/node/polyfills | |
| parent | 25a80bc523bf47d5eba8d578b9ffeba26a8d0341 (diff) | |
fix(ext/node): Correctly send ALPN on node TLS connections (#23434)
Landing work from #21903, plus fixing a node compat bug.
We were always sending the HTTP/2 ALPN on TLS connections which might
confuse upstream servers.
Changes:
- Configure HTTP/2 ALPN when making the TLS connection from the HTTP/2
code
- Read the `ALPNProtocols` property from the TLS connection options
rather than the deno `alpnProtocols` field
- Add tests
Prereq for landing Deno.serveHttp on Deno.serve: removing older HTTP
servers from the codebase.
Diffstat (limited to 'ext/node/polyfills')
| -rw-r--r-- | ext/node/polyfills/_tls_wrap.ts | 4 | ||||
| -rw-r--r-- | ext/node/polyfills/http2.ts | 5 |
2 files changed, 6 insertions, 3 deletions
diff --git a/ext/node/polyfills/_tls_wrap.ts b/ext/node/polyfills/_tls_wrap.ts index a70dd29f1..ed2bdd0a3 100644 --- a/ext/node/polyfills/_tls_wrap.ts +++ b/ext/node/polyfills/_tls_wrap.ts @@ -96,7 +96,7 @@ export class TLSSocket extends net.Socket { caCerts = [new TextDecoder().decode(caCerts)]; } tlsOptions.caCerts = caCerts; - tlsOptions.alpnProtocols = ["h2", "http/1.1"]; + tlsOptions.alpnProtocols = opts.ALPNProtocols; super({ handle: _wrapHandle(tlsOptions, socket), @@ -114,7 +114,7 @@ export class TLSSocket extends net.Socket { this.secureConnecting = true; this._SNICallback = null; this.servername = null; - this.alpnProtocols = tlsOptions.alpnProtocols; + this.alpnProtocols = tlsOptions.ALPNProtocols; this.authorized = false; this.authorizationError = null; this[kRes] = null; diff --git a/ext/node/polyfills/http2.ts b/ext/node/polyfills/http2.ts index 2856d3938..023b6acd3 100644 --- a/ext/node/polyfills/http2.ts +++ b/ext/node/polyfills/http2.ts @@ -1677,7 +1677,10 @@ export function connect( case "https:": // TODO(bartlomieju): handle `initializeTLSOptions` here url = `https://${host}${port == 443 ? "" : (":" + port)}`; - socket = tlsConnect(port, host, { manualStart: true }); + socket = tlsConnect(port, host, { + manualStart: true, + ALPNProtocols: ["h2", "http/1.1"], + }); break; default: throw new ERR_HTTP2_UNSUPPORTED_PROTOCOL(protocol); |