feat: support SNI on TLS (#1055)

Co-authored-by: ewan-chalmers <[email protected]>
mqttjs · Feb 24, 2020 · f6534c2 · f6534c2
1 parent d764f02
commit f6534c2
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/lib/connect/tls.js b/lib/connect/tls.js
@@ -5,6 +5,7 @@ function buildBuilder (mqttClient, opts) {
   var connection
   opts.port = opts.port || 8883
   opts.host = opts.hostname || opts.host || 'localhost'
+  opts.servername = opts.host
 
   opts.rejectUnauthorized = opts.rejectUnauthorized !== false
 

diff --git a/test/secure_client.js b/test/secure_client.js
@@ -9,6 +9,7 @@ var KEY = path.join(__dirname, 'helpers', 'tls-key.pem')
 var CERT = path.join(__dirname, 'helpers', 'tls-cert.pem')
 var WRONG_CERT = path.join(__dirname, 'helpers', 'wrong-cert.pem')
 var Server = require('./server')
+var assert = require('chai').assert
 
 var server = new Server.SecureServer({
   key: fs.readFileSync(KEY),
@@ -153,5 +154,33 @@ describe('MqttSecureClient', function () {
         done()
       })
     })
+
+    it.only('should support SNI on the TLS connection', function (done) {
+      var hostname, client
+      server.removeAllListeners('secureConnection') // clear eventHandler
+      server.once('secureConnection', function (tlsSocket) { // one time eventHandler
+        assert.equal(tlsSocket.servername, hostname) // validate SNI set
+        server.setupConnection(tlsSocket)
+      })
+
+
+      hostname = 'localhost'
+      client = mqtt.connect({
+        protocol: 'mqtts',
+        port: port,
+        ca: [fs.readFileSync(CERT)],
+        rejectUnauthorized: true,
+        host: hostname
+      })
+
+      client.on('error', function (err) {
+        done(err)
+      })
+
+      server.once('connect', function () {
+        server.on('secureConnection', server.setupConnection) // reset eventHandler
+        done()
+      })
+    })
   })
 })
diff --git a/test/server.js b/test/server.js
@@ -8,7 +8,7 @@ var MqttServer
 var FastMqttServer
 var MqttSecureServer
 
-function setupConnection (duplex) {
+var setupConnection = function (duplex) {
   var that = this
   var connection = new Connection(duplex, function () {
     that.emit('client', connection)
@@ -91,3 +91,5 @@ MqttSecureServer = module.exports.SecureServer =
     return this
   }
 inherits(MqttSecureServer, tls.Server)
+MqttSecureServer.prototype.setupConnection = setupConnection
+