http2: omit server name when HTTP2 host is IP address

islandryu · aduh95 · commit 420204567324 · 2025-01-30T10:44:31.000+01:00
Fixes: #56189 PR-URL: #56530 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
diff --git a/lib/internal/http2/core.js b/lib/internal/http2/core.js
@@ -645,15 +645,21 @@ function initOriginSet(session) {
   if (originSet === undefined) {
     const socket = session[kSocket];
     session[kState].originSet = originSet = new SafeSet();
-    if (socket.servername != null) {
-      let originString = `https://${socket.servername}`;
-      if (socket.remotePort != null)
-        originString += `:${socket.remotePort}`;
-      // We have to ensure that it is a properly serialized
-      // ASCII origin string. The socket.servername might not
-      // be properly ASCII encoded.
-      originSet.add(getURLOrigin(originString));
+    let hostName = socket.servername;
+    if (hostName === null || hostName === false) {
+      if (socket.remoteFamily === 'IPv6') {
+        hostName = `[${socket.remoteAddress}]`;
+      } else {
+        hostName = socket.remoteAddress;
+      }
     }
+    let originString = `https://${hostName}`;
+    if (socket.remotePort != null)
+      originString += `:${socket.remotePort}`;
+    // We have to ensure that it is a properly serialized
+    // ASCII origin string. The socket.servername might not
+    // be properly ASCII encoded.
+    originSet.add(getURLOrigin(originString));
   }
   return originSet;
 }
@@ -3342,7 +3348,7 @@ function connect(authority, options, listener) {
         socket = net.connect({ port, host, ...options });
         break;
       case 'https:':
-        socket = tls.connect(port, host, initializeTLSOptions(options, host));
+        socket = tls.connect(port, host, initializeTLSOptions(options, net.isIP(host) ? undefined : host));
         break;
       default:
         throw new ERR_HTTP2_UNSUPPORTED_PROTOCOL(protocol);
diff --git a/test/parallel/test-http2-ip-address-host.js b/test/parallel/test-http2-ip-address-host.js
@@ -0,0 +1,53 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto) { common.skip('missing crypto'); };
+const assert = require('assert');
+const fixtures = require('../common/fixtures');
+const h2 = require('http2');
+
+function loadKey(keyname) {
+  return fixtures.readKey(keyname, 'binary');
+}
+
+const key = loadKey('agent8-key.pem');
+const cert = fixtures.readKey('agent8-cert.pem');
+
+const server = h2.createSecureServer({ key, cert });
+const hasIPv6 = common.hasIPv6;
+const testCount = hasIPv6 ? 2 : 1;
+
+server.on('stream', common.mustCall((stream) => {
+  const session = stream.session;
+  assert.strictEqual(session.servername, undefined);
+  stream.respond({ 'content-type': 'application/json' });
+  stream.end(JSON.stringify({
+    servername: session.servername,
+    originSet: session.originSet
+  })
+  );
+}, testCount));
+
+let done = 0;
+
+server.listen(0, common.mustCall(() => {
+  function handleRequest(url) {
+    const client = h2.connect(url,
+                              { rejectUnauthorized: false });
+    const req = client.request();
+    let data = '';
+    req.setEncoding('utf8');
+    req.on('data', (d) => data += d);
+    req.on('end', common.mustCall(() => {
+      const originSet = req.session.originSet;
+      assert.strictEqual(originSet[0], url);
+      client.close();
+      if (++done === testCount) server.close();
+    }));
+  }
+
+  const ipv4Url = `https://127.0.0.1:${server.address().port}`;
+  const ipv6Url = `https://[::1]:${server.address().port}`;
+  handleRequest(ipv4Url);
+  if (hasIPv6) handleRequest(ipv6Url);
+}));
