tls: emit a warning when servername is an IP address

Setting the TLS ServerName to an IP address is not permitted by
RFC6066. This will be ignored in a future version.

Refs: https://github.com/nodejs/node/pull/18127

PR-URL: https://github.com/nodejs/node/pull/23329
Fixes: https://github.com/nodejs/node/issues/18071
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>

1 files changed, 13 insertions, 1 deletions

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 2e32366028..0cd500617f 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -59,6 +59,8 @@ const kSNICallback = Symbol('snicallback');
 
 const noop = () => {};
 
+let ipServernameWarned = false;
+
 function onhandshakestart(now) {
   debug('onhandshakestart');
 
@@ -1240,8 +1242,18 @@ exports.connect = function connect(...args) {
   if (options.session)
     socket.setSession(options.session);
 
-  if (options.servername)
+  if (options.servername) {
+    if (!ipServernameWarned && net.isIP(options.servername)) {
+      process.emitWarning(
+        'Setting the TLS ServerName to an IP address is not permitted by ' +
+        'RFC 6066. This will be ignored in a future version.',
+        'DeprecationWarning',
+        'DEP0123'
+      );
+      ipServernameWarned = true;
+    }
     socket.setServername(options.servername);
+  }
 
   if (options.socket)
     socket._start();