Skip to content

Commit

Permalink
tls: use validateFunction for options.checkServerIdentity
Browse files Browse the repository at this point in the history
If user uses invalid type for `options.checkServerIdentity`
in tls.connect(), it's not internal issue of Node.js. So
validateFunction() is more proper than assert().

Fixes: nodejs#49839
PR-URL: nodejs#49896
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
  • Loading branch information
deokjinkim authored and GeoffreyBooth committed Oct 1, 2023
1 parent 7e27738 commit 381089f
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/_tls_wrap.js
Original file line number Diff line number Diff line change
Expand Up @@ -1738,7 +1738,7 @@ exports.connect = function connect(...args) {
if (!options.keepAlive)
options.singleUse = true;

assert(typeof options.checkServerIdentity === 'function');
validateFunction(options.checkServerIdentity, 'options.checkServerIdentity');
assert(typeof options.minDHSize === 'number',
'options.minDHSize is not a number: ' + options.minDHSize);
assert(options.minDHSize > 0,
Expand Down
9 changes: 9 additions & 0 deletions test/parallel/test-tls-basic-validations.js
Original file line number Diff line number Diff line change
Expand Up @@ -135,3 +135,12 @@ assert.throws(() => { tls.createSecureContext({ maxVersion: 'fhqwhgads' }); },
code: 'ERR_TLS_INVALID_PROTOCOL_VERSION',
name: 'TypeError'
});

for (const checkServerIdentity of [undefined, null, 1, true]) {
assert.throws(() => {
tls.connect({ checkServerIdentity });
}, {
code: 'ERR_INVALID_ARG_TYPE',
name: 'TypeError',
});
}

0 comments on commit 381089f

Please sign in to comment.