yujunjun/playwright
1
0
Fork 0
mirror of https://github.com/microsoft/playwright.git synced 2025-06-26 21:40:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(client-certificates): pass TLS servername for SNI (#31761)

Browse Source
This commit is contained in:
Max Schmitt 2024-07-19 12:55:20 +02:00 committed by GitHub
parent 0ecae56750
commit f104e920e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
View File

@ -14,7 +14,7 @@
* limitations under the License. * limitations under the License.
*/ */
import type net from 'net'; import net from 'net';
import path from 'path'; import path from 'path';
import type https from 'https'; import type https from 'https';
import fs from 'fs'; import fs from 'fs';
@ -100,9 +100,13 @@ class SocksProxyConnection {
const tlsOptions: tls.ConnectionOptions = { const tlsOptions: tls.ConnectionOptions = {
socket: this.target, socket: this.target,
host: this.host,
port: this.port,
rejectUnauthorized: !this.socksProxy.ignoreHTTPSErrors, rejectUnauthorized: !this.socksProxy.ignoreHTTPSErrors,
...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}/`), ...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}/`),
}; };
if (!net.isIP(this.host))
tlsOptions.servername = this.host;
if (process.env.PWTEST_UNSUPPORTED_CUSTOM_CA && isUnderTest()) if (process.env.PWTEST_UNSUPPORTED_CUSTOM_CA && isUnderTest())
tlsOptions.ca = [fs.readFileSync(process.env.PWTEST_UNSUPPORTED_CUSTOM_CA)]; tlsOptions.ca = [fs.readFileSync(process.env.PWTEST_UNSUPPORTED_CUSTOM_CA)];
const targetTLS = tls.connect(tlsOptions); const targetTLS = tls.connect(tlsOptions);

5
tests/library/client-certificates.spec.ts
View File

@ -31,7 +31,10 @@ const test = base.extend<{ serverURL: string, serverURLRewrittenToLocalhost: str
requestCert: true, requestCert: true,
rejectUnauthorized: false, rejectUnauthorized: false,
}, (req, res) => { }, (req, res) => {
const cert = (req.socket as import('tls').TLSSocket).getPeerCertificate(); const tlsSocket = req.socket as import('tls').TLSSocket;
// @ts-expect-error
expect(['localhost', 'local.playwright'].includes((tlsSocket).servername)).toBe(true);
const cert = tlsSocket.getPeerCertificate();
if ((req as any).client.authorized) { if ((req as any).client.authorized) {
res.writeHead(200, { 'Content-Type': 'text/html' }); res.writeHead(200, { 'Content-Type': 'text/html' });
res.end(`Hello ${cert.subject.CN}, your certificate was issued by ${cert.issuer.CN}!`); res.end(`Hello ${cert.subject.CN}, your certificate was issued by ${cert.issuer.CN}!`);