tls: do not hang without newSession handler

lib/_tls_legacy.js

@@ -662,14 +662,17 @@ function onnewsession(key, session) {
   var self = this;
   var once = false;
 
-  self.server.emit('newSession', key, session, function() {
+  if (!self.server.emit('newSession', key, session, done))
+    done();
+
+  function done() {
     if (once)
       return;
     once = true;
 
     if (self.ssl)
       self.ssl.newSessionDone();
-  });
+  };
 }
 
 

lib/_tls_wrap.js

@@ -201,7 +201,10 @@ function onnewsession(key, session) {
   var once = false;
 
   this._newSessionPending = true;
-  this.server.emit('newSession', key, session, function() {
+  if (!this.server.emit('newSession', key, session, done))
+    done();
+
+  function done() {
     if (once)
       return;
     once = true;
@@ -212,7 +215,7 @@ function onnewsession(key, session) {
     if (self._securePending)
       self._finishInit();
     self._securePending = false;
-  });
+  }
 }
 
 

test/simple/test-tls-new-session-hang.js

@@ -0,0 +1,42 @@
+var common = require('../common');
+
+if (!process.features.tls_ocsp) {
+  console.error('Skipping because node compiled without OpenSSL or ' +
+                'with old OpenSSL version.');
+  process.exit(0);
+}
+
+var assert = require('assert');
+var tls = require('tls');
+var constants = require('constants');
+var fs = require('fs');
+var join = require('path').join;
+
+var keyFile = join(common.fixturesDir, 'keys', 'agent1-key.pem');
+var certFile = join(common.fixturesDir, 'keys', 'agent1-cert.pem');
+var caFile = join(common.fixturesDir, 'keys', 'ca1-cert.pem');
+var key = fs.readFileSync(keyFile);
+var cert = fs.readFileSync(certFile);
+
+var server = tls.createServer({
+  cert: cert,
+  key: key
+}, function (socket) {
+  socket.destroySoon();
+});
+
+server.on('resumeSession', common.mustCall(function() {
+  // Should not be actually called
+}, 0));
+
+server.listen(common.PORT, function() {
+  var client = tls.connect({
+    rejectUnauthorized: false,
+    port: common.PORT,
+
+    // Just to make sure that `newSession` is going to be called
+    secureOptions: constants.SSL_OP_NO_TICKET
+  }, function() {
+    server.close();
+  });
+});

test/simple/test-tls-ocsp-callback.js

@@ -31,16 +31,19 @@ if (!common.opensslCli) {
   process.exit(0);
 }
 
+var assert = require('assert');
+var tls = require('tls');
+var constants = require('constants');
+var fs = require('fs');
+var join = require('path').join;
+
 test({ response: false }, function() {
-  test({ response: 'hello world' });
+  test({ response: 'hello world' }, function() {
+    test({ ocsp: false });
+  });
 });
 
 function test(testOptions, cb) {
-  var assert = require('assert');
-  var tls = require('tls');
-  var fs = require('fs');
-  var join = require('path').join;
-  var spawn = require('child_process').spawn;
 
   var keyFile = join(common.fixturesDir, 'keys', 'agent1-key.pem');
   var certFile = join(common.fixturesDir, 'keys', 'agent1-cert.pem');
@@ -54,6 +57,7 @@ function test(testOptions, cb) {
     ca: [ca]
   };
   var requestCount = 0;
+  var clientSecure = 0;
   var ocspCount = 0;
   var ocspResponse;
   var session;
@@ -83,9 +87,12 @@ function test(testOptions, cb) {
   server.listen(common.PORT, function() {
     var client = tls.connect({
       port: common.PORT,
-      requestOCSP: true,
+      requestOCSP: testOptions.ocsp !== false,
+      secureOptions: testOptions.ocsp === false ?
+          constants.SSL_OP_NO_TICKET : 0,
       rejectUnauthorized: false
     }, function() {
+      clientSecure++;
     });
     client.on('OCSPResponse', function(resp) {
       ocspResponse = resp;
@@ -98,12 +105,19 @@ function test(testOptions, cb) {
   });
 
   process.on('exit', function() {
+    if (testOptions.ocsp === false) {
+      assert.equal(requestCount, clientSecure);
+      assert.equal(requestCount, 1);
+      return;
+    }
+
     if (testOptions.response) {
       assert.equal(ocspResponse.toString(), testOptions.response);
     } else {
       assert.ok(ocspResponse === null);
     }
     assert.equal(requestCount, testOptions.response ? 0 : 1);
+    assert.equal(clientSecure, requestCount);
     assert.equal(ocspCount, 1);
   });
 }