From a51c62023246c79af35d8aaf6367a61a21b41f16 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Sat, 23 Dec 2017 09:01:58 +0100
Subject: [PATCH 1/3] tls: fix SNICallback without .server option

`options.server` only needs to be set when its
contents are actually being inspected.
---
 lib/_tls_wrap.js                              |  3 +-
 ...t-tls-socket-snicallback-without-server.js | 31 +++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 test/parallel/test-tls-socket-snicallback-without-server.js

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index e30efa4159b57e..a25503b8ef7edd 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -506,9 +506,8 @@ TLSSocket.prototype._init = function(socket, wrap) {
   if (process.features.tls_sni &&
       options.isServer &&
       options.SNICallback &&
-      options.server &&
       (options.SNICallback !== SNICallback ||
-       options.server._contexts.length)) {
+       (options.server && options.server._contexts.length))) {
     assert(typeof options.SNICallback === 'function');
     this._SNICallback = options.SNICallback;
     ssl.enableCertCb();
diff --git a/test/parallel/test-tls-socket-snicallback-without-server.js b/test/parallel/test-tls-socket-snicallback-without-server.js
new file mode 100644
index 00000000000000..3453d6d3f74251
--- /dev/null
+++ b/test/parallel/test-tls-socket-snicallback-without-server.js
@@ -0,0 +1,31 @@
+'use strict';
+
+// This is based on test-tls-securepair-fiftharg.js
+// for the deprecated `tls.createSecurePair()` variant.
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+const makeDuplexPair = require('../common/duplexpair');
+
+const sslcontext = tls.createSecureContext({
+  cert: fixtures.readSync('test_cert.pem'),
+  key: fixtures.readSync('test_key.pem')
+});
+
+const { clientSide, serverSide } = makeDuplexPair();
+const tlsSocket = new tls.TLSSocket(serverSide, {
+  isServer: true,
+  SNICallback: common.mustCall((servername, cb) => {
+    assert.strictEqual('www.google.com', servername);
+  })
+});
+
+// captured traffic from browser's request to https://www.google.com
+const sslHello = fixtures.readSync('google_ssl_hello.bin');
+
+clientSide.write(sslHello);

From d73dcd681a401b3b4065c0fe8af68ccc3cdc6e03 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Sat, 23 Dec 2017 09:26:37 +0100
Subject: [PATCH 2/3] [squash] make linter happy

---
 .../parallel/test-tls-socket-snicallback-without-server.js | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/test/parallel/test-tls-socket-snicallback-without-server.js b/test/parallel/test-tls-socket-snicallback-without-server.js
index 3453d6d3f74251..491a53c689aab4 100644
--- a/test/parallel/test-tls-socket-snicallback-without-server.js
+++ b/test/parallel/test-tls-socket-snicallback-without-server.js
@@ -12,13 +12,8 @@ const tls = require('tls');
 const fixtures = require('../common/fixtures');
 const makeDuplexPair = require('../common/duplexpair');
 
-const sslcontext = tls.createSecureContext({
-  cert: fixtures.readSync('test_cert.pem'),
-  key: fixtures.readSync('test_key.pem')
-});
-
 const { clientSide, serverSide } = makeDuplexPair();
-const tlsSocket = new tls.TLSSocket(serverSide, {
+new tls.TLSSocket(serverSide, {
   isServer: true,
   SNICallback: common.mustCall((servername, cb) => {
     assert.strictEqual('www.google.com', servername);

From fc8fd39c3905b16f3d060d3c29f6169ac80ef972 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Sun, 24 Dec 2017 07:58:45 +0100
Subject: [PATCH 3/3] [squash] swap assert arguments

---
 test/parallel/test-tls-socket-snicallback-without-server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/parallel/test-tls-socket-snicallback-without-server.js b/test/parallel/test-tls-socket-snicallback-without-server.js
index 491a53c689aab4..9d30bc17b96b65 100644
--- a/test/parallel/test-tls-socket-snicallback-without-server.js
+++ b/test/parallel/test-tls-socket-snicallback-without-server.js
@@ -16,7 +16,7 @@ const { clientSide, serverSide } = makeDuplexPair();
 new tls.TLSSocket(serverSide, {
   isServer: true,
   SNICallback: common.mustCall((servername, cb) => {
-    assert.strictEqual('www.google.com', servername);
+    assert.strictEqual(servername, 'www.google.com');
   })
 });