Merge pull request #1381 from murgatroid99/grpc-js_proxy_fixes_final

grpc-js: Fix the final proxy bugs

packages/grpc-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@grpc/grpc-js",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "gRPC Library for Node - pure JS implementation",
   "homepage": "https://grpc.io/",
   "repository": "https://github.com/grpc/grpc-node/tree/master/packages/grpc-js",

packages/grpc-js/src/channel-credentials.ts

@@ -211,7 +211,8 @@ class SecureChannelCredentialsImpl extends ChannelCredentials {
   }
 
   _getConnectionOptions(): ConnectionOptions | null {
-    return this.connectionOptions;
+    // Copy to prevent callers from mutating this.connectionOptions
+    return { ...this.connectionOptions };
   }
   _isSecure(): boolean {
     return true;

packages/grpc-js/src/http_proxy.ts

@@ -147,9 +147,9 @@ export function mapProxyName(
     extraOptions['grpc.http_connect_creds'] = proxyInfo.creds;
   }
   return {
-    target: { 
+    target: {
       scheme: 'dns',
-      path: proxyInfo.address
+      path: proxyInfo.address,
     },
     extraOptions: extraOptions,
   };
@@ -207,23 +207,33 @@ export function getProxiedConnection(
             ' through proxy ' +
             proxyAddressString
         );
-        resolve({
-          socket,
-          realTarget: parsedTarget,
-        });
         if ('secureContext' in connectionOptions) {
           /* The proxy is connecting to a TLS server, so upgrade this socket
            * connection to a TLS connection.
            * This is a workaround for https://github.com/nodejs/node/issues/32922
            * See https://github.com/grpc/grpc-node/pull/1369 for more info. */
-          const cts = tls.connect({
-              ...connectionOptions,
-              host: getDefaultAuthority(parsedTarget),
+          const remoteHost = getDefaultAuthority(parsedTarget);
+
+          const cts = tls.connect(
+            {
+              host: remoteHost,
+              servername: remoteHost,
               socket: socket,
-            }, () => {
+              ...connectionOptions,
+            },
+            () => {
+              trace(
+                'Successfully established a TLS connection to ' +
+                  options.path +
+                  ' through proxy ' +
+                  proxyAddressString
+              );
               resolve({ socket: cts, realTarget: parsedTarget });
             }
           );
+          cts.on('error', () => {
+            reject();
+          });
         } else {
           resolve({
             socket,

packages/grpc-js/src/subchannel.ts

@@ -322,10 +322,11 @@ export class Subchannel {
       };
     }
 
-    connectionOptions = Object.assign(
-      connectionOptions,
-      this.subchannelAddress
-    );
+    connectionOptions = {
+      ...connectionOptions,
+      ...this.subchannelAddress,
+    };
+
     /* http2.connect uses the options here:
      * https://github.com/nodejs/node/blob/70c32a6d190e2b5d7b9ff9d5b6a459d14e8b7d59/lib/internal/http2/core.js#L3028-L3036
      * The spread operator overides earlier values with later ones, so any port