author | Fedor Indutny <fedor@indutny.com> | 2019-04-19 15:51:24 -0400 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2019-04-30 06:43:22 -0700 |
commit | 98e9de7db930e505884ca8d0ca6588afbe43f127 (patch) | |
tree | 40c1326558a751bfd2d3fcb46f121767c86d428d | |
parent | 524dd469cefb63c9963a9c7a99197df857888f1a (diff) | |
http: `servername === false` should disable SNI
There is no way to disable SNI extension when sending a request to HTTPS
server. Setting `options.servername` to a falsy value would make Node.js
core override it with either hostname or ip address.
This change introduces a way to disable SNI completely if this is
required for the user's application. Setting `options.servername` to `''`
in `https.request` would disable overrides and thus disable the
extension.
PR-URL: https://github.com/nodejs/node/pull/27316
Reviewed-By: Steven R Loomis <srloomis@us.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
-rw-r--r-- | doc/api/https.md | 5 | ||||
-rw-r--r-- | lib/_http_agent.js | 4 | ||||
-rw-r--r-- | test/parallel/test-https-agent-sni.js | 21 |
3 files changed, 24 insertions, 6 deletions
diff --git a/doc/api/https.md b/doc/api/https.md index 95e7e715c3..9b6ec83a6e 100644 --- a/doc/api/https.md +++ b/doc/api/https.md @@ -29,6 +29,10 @@ An [`Agent`][] object for HTTPS similar to [`http.Agent`][]. See Can have the same fields as for [`http.Agent(options)`][], and * `maxCachedSessions` {number} maximum number of TLS cached sessions. Use `0` to disable TLS session caching. **Default:** `100`. + * `servername` {string} the value of + [Server Name Indication extension][sni wiki] to be sent to the server. Use + empty string `''` to disable sending the extension. + **Default:** hostname or IP address of the target server. See [`Session Resumption`][] for infomation about TLS session reuse. @@ -406,3 +410,4 @@ headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; p [`tls.createSecureContext()`]: tls.html#tls_tls_createsecurecontext_options [`tls.createServer()`]: tls.html#tls_tls_createserver_options_secureconnectionlistener [`Session Resumption`]: tls.html#tls_session_resumption +[sni wiki]: https://en.wikipedia.org/wiki/Server_Name_Indication diff --git a/lib/_http_agent.js b/lib/_http_agent.js index 32dbf27abc..eb98f2b0bd 100644 --- a/lib/_http_agent.js +++ b/lib/_http_agent.js @@ -151,7 +151,7 @@ Agent.prototype.addRequest = function addRequest(req, options, port/* legacy */, if (options.socketPath) options.path = options.socketPath; - if (!options.servername) + if (!options.servername && options.servername !== '') options.servername = calculateServerName(options, req); const name = this.getName(options); @@ -198,7 +198,7 @@ Agent.prototype.createSocket = function createSocket(req, options, cb) { if (options.socketPath) options.path = options.socketPath; - if (!options.servername) + if (!options.servername && options.servername !== '') options.servername = calculateServerName(options, req); const name = this.getName(options); 
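Review bot: In `lib/_http_agent.js` the new guard `if (!options.servername && options.servername !== '')` makes `''` an SNI opt-out, but the next context line still derives the pool key from `this.getName(options)`, and nothing visible here shows that key distinguishing an explicit `''` from a defaulted servername. `getName` is outside the diff, so this is something to confirm rather than a finding: if both cases produce the same key, a keep-alive agent could hand a socket opened with SNI to a request that asked for none, or the reverse. The identical guard is repeated in `createSocket` (second hunk); a shared helper, or at least a comment on both such as `// '' is an explicit opt-out of SNI; undefined, null and false still fall back to the host`, would keep them in step and record that `false`, the value named in the commit title, is still overridden. Both function bodies start and end outside the hunks.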
diff --git a/test/parallel/test-https-agent-sni.js b/test/parallel/test-https-agent-sni.js index 80278ed2d8..1ddeff7ce2 100644 --- a/test/parallel/test-https-agent-sni.js +++ b/test/parallel/test-https-agent-sni.js @@ -18,9 +18,12 @@ let waiting = TOTAL; const server = https.Server(options, function(req, res) { if (--waiting === 0) server.close(); - res.writeHead(200, { - 'x-sni': req.socket.servername - }); + const servername = req.socket.servername; + + if (servername !== false) { + res.setHeader('x-sni', servername); + } + res.end('hello world'); }); @@ -28,7 +31,8 @@ server.listen(0, function() { function expectResponse(id) { return common.mustCall(function(res) { res.resume(); - assert.strictEqual(res.headers['x-sni'], `sni.${id}`); + assert.strictEqual(res.headers['x-sni'], + id === false ? undefined : `sni.${id}`); }); } @@ -46,4 +50,13 @@ server.listen(0, function() { rejectUnauthorized: false }, expectResponse(j)); } + https.get({ + agent: agent, + + path: '/', + port: this.address().port, + host: '127.0.0.1', + servername: '', + rejectUnauthorized: false + }, expectResponse(false)); }); |
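Review bot: The added `https.get` with `servername: ''` is one more request than the handler's `--waiting === 0` countdown appears to be sized for, because `let waiting = TOTAL;` (visible as hunk-header context) is not changed by this commit. The loop bound is outside the hunks, so this is hedged: if the loop already issues `TOTAL` requests, `server.close()` runs while the extra request may still be pending, and the test then presumably passes only because that connection is already established. Sizing the counter for the extra request, e.g. `let waiting = TOTAL + 1;`, would remove the timing dependence. A further case asserting that an omitted `servername` still yields the default would pin down that only `''` opts out.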