Handle unauthorized TLS connections correctly

2025-02-14 13:06:08 -08:00 · 2025-02-14 13:06:08 -08:00 · b44b14d831
parent bb6fff7ff5
commit b44b14d831
2 changed files with 10 additions and 2 deletions
--- a/packages/grpc-js/src/channel-credentials.ts
+++ b/packages/grpc-js/src/channel-credentials.ts
@ -262,6 +262,10 @@ class SecureConnectorImpl implements SecureConnector {
    };
    return new Promise<SecureConnectResult>((resolve, reject) => {
      const tlsSocket = tlsConnect(tlsConnectOptions, () => {
+        if (!tlsSocket.authorized) {
+          reject(tlsSocket.authorizationError);
+          return;
+        }
        resolve({
          socket: tlsSocket,
          secure: true
@ -340,6 +344,10 @@ class CertificateProviderChannelCredentialsImpl extends ChannelCredentials {
          ...connnectionOptions
        }
        const tlsSocket = tlsConnect(tlsConnectOptions, () => {
+          if (!tlsSocket.authorized) {
+            reject(tlsSocket.authorizationError);
+            return;
+          }
          resolve({
            socket: tlsSocket,
            secure: true
--- a/packages/grpc-js/src/transport.ts
+++ b/packages/grpc-js/src/transport.ts
@ -225,8 +225,8 @@ class Http2Transport implements Transport {
      this.handleDisconnect();
    });

-    session.socket.once('close', () => {
-      this.trace('connection closed');
+    session.socket.once('close', (hadError) => {
+      this.trace('connection closed. hadError=' + hadError);
      this.handleDisconnect();
    });