tls: allow client-side sockets to be half-opened

Make `tls.connect()` support an `allowHalfOpen` option which specifies
whether or not to allow the connection to be half-opened when the
`socket` option is not specified.

PR-URL: https://github.com/nodejs/node/pull/27836
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ouyang Yadong <oyydoibh@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

2 files changed, 111 insertions, 0 deletions

diff --git a/test/parallel/test-tls-connect-allow-half-open-option.js b/test/parallel/test-tls-connect-allow-half-open-option.js
new file mode 100644
index 0000000000..46b4eeab89
--- /dev/null
+++ b/test/parallel/test-tls-connect-allow-half-open-option.js
@@ -0,0 +1,73 @@
+'use strict';
+
+const common = require('../common');
+
+// This test verifies that `tls.connect()` honors the `allowHalfOpen` option.
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const fixtures = require('../common/fixtures');
+const tls = require('tls');
+
+{
+  const socket = tls.connect({ lookup() {} });
+  assert.strictEqual(socket.allowHalfOpen, false);
+}
+
+{
+  const socket = tls.connect({ allowHalfOpen: false, lookup() {} });
+  assert.strictEqual(socket.allowHalfOpen, false);
+}
+
+const server = tls.createServer({
+  key: fixtures.readKey('agent1-key.pem'),
+  cert: fixtures.readKey('agent1-cert.pem'),
+}, common.mustCall((socket) => {
+  server.close();
+
+  let message = '';
+
+  socket.setEncoding('utf8');
+  socket.on('data', (chunk) => {
+    message += chunk;
+
+    if (message === 'Hello') {
+      socket.end(message);
+      message = '';
+    }
+  });
+
+  socket.on('end', common.mustCall(() => {
+    assert.strictEqual(message, 'Bye');
+  }));
+}));
+
+server.listen(0, common.mustCall(() => {
+  const socket = tls.connect({
+    port: server.address().port,
+    rejectUnauthorized: false,
+    allowHalfOpen: true,
+  }, common.mustCall(() => {
+    let message = '';
+
+    socket.on('data', (chunk) => {
+      message += chunk;
+    });
+
+    socket.on('end', common.mustCall(() => {
+      assert.strictEqual(message, 'Hello');
+
+      setTimeout(() => {
+        assert(socket.writable);
+        assert(socket.write('Bye'));
+        socket.end();
+      }, 50);
+    }));
+
+    socket.write('Hello');
+  }));
+
+  socket.setEncoding('utf8');
+}));
diff --git a/test/parallel/test-tls-socket-allow-half-open-option.js b/test/parallel/test-tls-socket-allow-half-open-option.js
new file mode 100644
index 0000000000..36449a6130
--- /dev/null
+++ b/test/parallel/test-tls-socket-allow-half-open-option.js
@@ -0,0 +1,38 @@
+'use strict';
+
+const common = require('../common');
+
+// Test the `allowHalfOpen` option of the `tls.TLSSocket` constructor.
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const net = require('net');
+const stream = require('stream');
+const tls = require('tls');
+
+{
+  // The option is ignored when the `socket` argument is a `net.Socket`.
+  const socket = new tls.TLSSocket(new net.Socket(), { allowHalfOpen: true });
+  assert.strictEqual(socket.allowHalfOpen, false);
+}
+
+{
+  // The option is ignored when the `socket` argument is a generic
+  // `stream.Duplex`.
+  const duplex = new stream.Duplex({ allowHalfOpen: false });
+  const socket = new tls.TLSSocket(duplex, { allowHalfOpen: true });
+  assert.strictEqual(socket.allowHalfOpen, false);
+}
+
+{
+  const socket = new tls.TLSSocket();
+  assert.strictEqual(socket.allowHalfOpen, false);
+}
+
+{
+  // The option is honored when the `socket` argument is not specified.
+  const socket = new tls.TLSSocket(undefined, { allowHalfOpen: true });
+  assert.strictEqual(socket.allowHalfOpen, true);
+}