Invalid HTTP/2 origin set when servername is empty

[szmarczak]

Version

v16.8.0

Platform

Linux solus 5.13.12-193.current #1 SMP PREEMPT Fri Aug 20 14:21:44 UTC 2021 x86_64 GNU/Linux

Subsystem

http2

What steps will reproduce the bug?

const http2 = require('http2');

const session = http2.connect('https://1.1.1.1', {servername: ''});
session.once('remoteSettings', () => {
  console.log(session.originSet);

  session.close();
});

How often does it reproduce? Is there a required condition?

Always.

What is the expected behavior?

[ 'https://1.1.1.1' ]

What do you see instead?

[ 'https://false' ]

Additional information

const http2 = require('http2');

const session = http2.connect('https://1.1.1.1');
session.once('remoteSettings', () => {
  console.log(session.originSet);

  session.close();
});

gives a warning

(node:36333) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
(Use `node --trace-deprecation ...` to show where the warning was created)
[ 'https://1.1.1.1' ]

/cc @ronag

[Narasimha1997]

@szmarczak
According to the additional information you have provided, this is the intended behaviour, the server name is supposed to be a valid domain name in the SSL certificate. Using IP addresses in the SSL certificate is not encouraged.

However, this is just an additional information. The original bug remains a bug. Maybe somewhere the empty servername property is being substituted without checking its value, which is resulting in https://false. Weird haha.

[Narasimha1997]

#39934 seems to fix this bug.