Skip to content

tls: move IP-address servername deprecation to eol #58533

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nodejs-github-bot merged 2 commits into from
Jun 2, 2025
Merged

tls: move IP-address servername deprecation to eol #58533

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
474f6de
tls: move IP-address servername deprecation to eol
jasnell May 31, 2025
2227c75
Update doc/api/deprecations.md
jasnell May 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions doc/api/deprecations.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2605,15 +2605,18 @@ Please use `Server.prototype.setSecureContext()` instead.

<!-- YAML
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/58533
description: End-of-Life.
- version: v12.0.0
pr-url: https://github.com/nodejs/node/pull/23329
description: Runtime deprecation.
-->

Type: Runtime
Type: End-of-Life

Setting the TLS ServerName to an IP address is not permitted by
[RFC 6066][]. This will be ignored in a future version.
[RFC 6066][].

### DEP0124: using `REPLServer.rli`

Expand Down
18 changes: 8 additions & 10 deletions lib/internal/tls/wrap.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,6 @@ const kIsVerified = Symbol('verified');

const noop = () => {};

let ipServernameWarned = false;
let tlsTracingWarned = false;

// Server side times how long a handshake is taking to protect against slow
Expand Down Expand Up @@ -1715,6 +1714,14 @@ exports.connect = function connect(...args) {

const context = options.secureContext || tls.createSecureContext(options);

if (options.servername && net.isIP(options.servername)) {
throw new ERR_INVALID_ARG_VALUE(
'options.servername',
options.servername,
'Setting the TLS ServerName to an IP address is not permitted.',
);
}

const tlssock = new TLSSocket(options.socket, {
allowHalfOpen: options.allowHalfOpen,
pipe: !!options.path,
Expand Down Expand Up @@ -1760,15 +1767,6 @@ exports.connect = function connect(...args) {
tlssock.setSession(options.session);

if (options.servername) {
if (!ipServernameWarned && net.isIP(options.servername)) {
process.emitWarning(
'Setting the TLS ServerName to an IP address is not permitted by ' +
'RFC 6066. This will be ignored in a future version.',
'DeprecationWarning',
'DEP0123',
);
ipServernameWarned = true;
}
tlssock.setServername(options.servername);
}

Expand Down
41 changes: 0 additions & 41 deletions test/parallel/test-tls-ip-servername-deprecation.js
View file
Open in desktop

This file was deleted.

18 changes: 18 additions & 0 deletions test/parallel/test-tls-ip-servername-forbidden.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
'use strict';

const common = require('../common');
const { throws } = require('assert');

if (!common.hasCrypto)
common.skip('missing crypto');

const tls = require('tls');

// Verify that passing an IP address the the servername option
// throws an error.
throws(() => tls.connect({
port: 1234,
servername: '127.0.0.1',
}, common.mustNotCall()), {
code: 'ERR_INVALID_ARG_VALUE',
});
Loading