https: fix renegotation attack protection

Listen for the 'clientError' event that is emitted when a renegotation attack
is detected and close the connection.

Fixes test/pummel/test-https-ci-reneg-attack.js

3 files changed, 10 insertions, 2 deletions

diff --git a/lib/http.js b/lib/http.js
index 5f4d842b92..4aa8f5cb40 100644
--- a/lib/http.js
+++ b/lib/http.js
@@ -1647,6 +1647,10 @@ function Server(requestListener) {
   this.httpAllowHalfOpen = false;
 
   this.addListener('connection', connectionListener);
+
+  this.addListener('clientError', function(err, conn) {
+    conn.destroy(err);
+  });
 }
 util.inherits(Server, net.Server);
 
@@ -1705,7 +1709,7 @@ function connectionListener(socket) {
   }
 
   socket.addListener('error', function(e) {
-    self.emit('clientError', e);
+    self.emit('clientError', e, this);
   });
 
   socket.ondata = function(d, start, end) {
diff --git a/lib/https.js b/lib/https.js
index bc4e8eeea0..0ed653c065 100644
--- a/lib/https.js
+++ b/lib/https.js
@@ -39,6 +39,10 @@ function Server(opts, requestListener) {
   if (requestListener) {
     this.addListener('request', requestListener);
   }
+
+  this.addListener('clientError', function(err, conn) {
+    conn.destroy(err);
+  });
 }
 inherits(Server, tls.Server);
 
diff --git a/lib/tls.js b/lib/tls.js
index 7a37b24531..1fe4f78999 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -1155,7 +1155,7 @@ function Server(/* [options], listener */) {
       }
     });
     pair.on('error', function(err) {
-      self.emit('clientError', err);
+      self.emit('clientError', err, this);
     });
   });