tls: emit a warning when servername is an IP address

Setting the TLS ServerName to an IP address is not permitted by
RFC6066. This will be ignored in a future version.

Refs: https://github.com/nodejs/node/pull/18127

PR-URL: https://github.com/nodejs/node/pull/23329
Fixes: https://github.com/nodejs/node/issues/18071
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>

1 files changed, 41 insertions, 0 deletions

diff --git a/test/parallel/test-tls-ip-servername-deprecation.js b/test/parallel/test-tls-ip-servername-deprecation.js
new file mode 100644
index 0000000000..b747caa03d
--- /dev/null
+++ b/test/parallel/test-tls-ip-servername-deprecation.js
@@ -0,0 +1,41 @@
+'use strict';
+
+const common = require('../common');
+const fixtures = require('../common/fixtures');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const tls = require('tls');
+
+// This test expects `tls.connect()` to emit a warning when
+// `servername` of options is an IP address.
+common.expectWarning(
+  'DeprecationWarning',
+  'Setting the TLS ServerName to an IP address is not permitted by ' +
+  'RFC 6066. This will be ignored in a future version.',
+  'DEP0123'
+);
+
+{
+  const options = {
+    key: fixtures.readKey('agent1-key.pem'),
+    cert: fixtures.readKey('agent1-cert.pem')
+  };
+
+  const server = tls.createServer(options, function(s) {
+    s.end('hello');
+  }).listen(0, function() {
+    const client = tls.connect({
+      port: this.address().port,
+      rejectUnauthorized: false,
+      servername: '127.0.0.1',
+    }, function() {
+      client.end();
+    });
+  });
+
+  server.on('connection', common.mustCall(function(socket) {
+    server.close();
+  }));
+}