tls: migrate C++ errors to internal/errors.js

* Throw ERR_TLS_SNI_FROM_SERVER when setting server names on a
  server-side socket instead of returning silently
* Assert on wrap_->started and wrap_->ssl instead of throwing
  errors since these errors indicate that the user either uses
  private APIs, or monkey-patches internals, or hits a bug.

PR-URL: https://github.com/nodejs/node/pull/18125
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

2 files changed, 7 insertions, 0 deletions

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 67dd559c87..16d8b24c29 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -660,6 +660,11 @@ TLSSocket.prototype.setServername = function(name) {
   if (typeof name !== 'string') {
     throw new errors.Error('ERR_INVALID_ARG_TYPE', 'name', 'string');
   }
+
+  if (this._tlsOptions.isServer) {
+    throw new errors.Error('ERR_TLS_SNI_FROM_SERVER');
+  }
+
   this._handle.setServername(name);
 };
 
diff --git a/lib/internal/errors.js b/lib/internal/errors.js
index a057e628d9..8bdf30a9e7 100644
--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
@@ -480,6 +480,8 @@ E('ERR_TLS_RENEGOTIATION_FAILED', 'Failed to renegotiate');
 E('ERR_TLS_REQUIRED_SERVER_NAME',
   '"servername" is required parameter for Server.addContext');
 E('ERR_TLS_SESSION_ATTACK', 'TLS session renegotiation attack detected');
+E('ERR_TLS_SNI_FROM_SERVER',
+  'Cannot issue SNI from a TLS server-side socket');
 E('ERR_TRANSFORM_ALREADY_TRANSFORMING',
   'Calling transform done when still transforming');
 E('ERR_TRANSFORM_WITH_LENGTH_0',