From 12d76b8e8ef830f2137d8b192f082624b602e18e Mon Sep 17 00:00:00 2001
From: David Halls <dahalls@gmail.com>
Date: Sat, 2 May 2020 07:42:26 +0100
Subject: [PATCH] tls: reset secureConnecting on client socket

secureConnecting is never set to false on client TLS sockets.
So if Http2Session constructor (in lib/internal/http2/core.js) is
called after secureConnect is emitted, then it will wrongly wait
for a secureConnect event.

This fix sets secureConnecting to false when a client TLS socket
has connected.

Backport-PR-URL: https://github.com/nodejs/node/pull/34859
PR-URL: https://github.com/nodejs/node/pull/33209
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
---
 lib/_tls_wrap.js                    |  2 ++
 test/parallel/test-http2-connect.js | 34 ++++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 154d6a0a1fd9ea..1982261b80e86b 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1523,10 +1523,12 @@ function onConnectSecure() {
     debug('client emit secureConnect. rejectUnauthorized: %s, ' +
           'authorizationError: %s', options.rejectUnauthorized,
           this.authorizationError);
+    this.secureConnecting = false;
     this.emit('secureConnect');
   } else {
     this.authorized = true;
     debug('client emit secureConnect. authorized:', this.authorized);
+    this.secureConnecting = false;
     this.emit('secureConnect');
   }
 
diff --git a/test/parallel/test-http2-connect.js b/test/parallel/test-http2-connect.js
index 6f62f55a93b7f2..9ee2e4347f600b 100644
--- a/test/parallel/test-http2-connect.js
+++ b/test/parallel/test-http2-connect.js
@@ -9,9 +9,11 @@ const {
 } = require('../common');
 if (!hasCrypto)
   skip('missing crypto');
+const fixtures = require('../common/fixtures');
 const assert = require('assert');
-const { createServer, connect } = require('http2');
+const { createServer, createSecureServer, connect } = require('http2');
 const { connect: netConnect } = require('net');
+const { connect: tlsConnect } = require('tls');
 
 // Check for session connect callback and event
 {
@@ -70,6 +72,36 @@ const { connect: netConnect } = require('net');
   connect(authority).on('error', () => {});
 }
 
+// Check for session connect callback on already connected TLS socket
+{
+  const serverOptions = {
+    key: fixtures.readKey('agent1-key.pem'),
+    cert: fixtures.readKey('agent1-cert.pem')
+  };
+  const server = createSecureServer(serverOptions);
+  server.listen(0, mustCall(() => {
+    const { port } = server.address();
+
+    const onSocketConnect = () => {
+      const authority = `https://localhost:${port}`;
+      const createConnection = mustCall(() => socket);
+      const options = { createConnection };
+      connect(authority, options, mustCall(onSessionConnect));
+    };
+
+    const onSessionConnect = (session) => {
+      session.close();
+      server.close();
+    };
+
+    const clientOptions = {
+      port,
+      rejectUnauthorized: false
+    };
+    const socket = tlsConnect(clientOptions, mustCall(onSocketConnect));
+  }));
+}
+
 // Check for error for init settings error
 {
   createServer(function() {