Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly fall back to http.Server when tlsconfig is missing #7

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Properly fall back to http.Server when tlsconfig is missing #7

wants to merge 2 commits into from

Conversation

Rob--W
Copy link

@Rob--W Rob--W commented Jan 7, 2017

The common pattern in the implementation of Server (including the http.Server and https.Server objects from the Node.js core) is the following (note that this is completely ignored):

if (!(this instanceof Server)) return new Server(...arguments);

There are three relevant Server implementations, with the following inheritance tree:

- tls.Server
 +-- http.Server
 +-- https.Server
   +-- httpolyglot.Server

When httpolyglot.Server is constructed without TLS config, it falls back to constructing itself using http.Server:

// this is an instance of httpolyglot.Server
http.Server.call(this, requestListener);

But this is not an instance of http.Server, so a new http.Server instance is created (and discarded) and this is not modified. So, when listen() is called, the server starts listening on a port
but does not have any request handlers. Consequently, when a http(s) request is sent to the server, the connection is accepted but the request is never processed.

To fix this, be explicit and return the new instance of http.Server (as done in this PR).

Rob--W added 2 commits January 7, 2017 23:31
@Rob--W
Treat null tlsconfig as missing
59bca6c
@Rob--W
return http.Server when TLS config is missing
ea3a71f 
The common pattern in the implementation of Server (including the
http.Server and https.Server objects from the Node.js core) is
the following (note that `this` is completely ignored):

    if (!(this instanceof Server)) return new Server(...arguments);

There are three relevant `Server` implementations, with the following
inheritance tree:

    - tls.Server
     +-- http.Server
     +-- https.Server
       +-- httpolyglot.Server

When `httpolyglot.Server` is constructed without TLS config, it falls
back to constructing itself using `http.Server`:

    // this is an instance of httpolyglot.Server
    http.Server.call(this, requestListener);

But `this` is not an instance of `http.Server`, so a new `http.Server`
instance is created (and discarded) and `this` is not modified.
So, when `listen()` is called, the server starts listening on a port
but does not have any request handlers. Consequently, when a http(s)
request is sent to the server, the connection is accepted but the
request is never processed.

To fix this, be explicit and return the new instance of `http.Server`.
@Rob--W
Copy link
Author

Rob--W commented Jan 7, 2017

I've tested the patch with Node v4.2.6 and v7.4.0.

@mscdex
Copy link
Owner

mscdex commented Jan 8, 2017

I think I would rather just get rid of the silent fallback to http.Server and enforce a TLS configuration.

@Rob--W
Copy link
Author

Rob--W commented Jan 8, 2017 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Rob--W @mscdex