tls default SNICallback should Check the servername and select the appropriate secure context in Reverse order

[masx200]

Checklist

• [x ] make -j4 test (UNIX), or vcbuild test (Windows) passes
• [ x] tests and/or benchmarks are included
• [ x] documentation is changed or added
• [ x] commit message follows commit guidelines

tls default SNICallback should Check the servername and select the appropriate secure context in Reverse order

This is useful on HTTPS servers that need to replace ssl/tls certificates frequently, such as using "let's encrypt". When the certificate needs to be replaced, you don't want to restart the HTTPS server, you just need to replace the certificate and key.

If multiple secure contexts are added to the same domain name, the last one added should take effect

 const server = https.createServer();
const hostname = 'foo.bar.com';
const keypath = 'key.pem';
const certpath = 'cert.pem';
function debounce(callback, timeout) {
    let timer;
    return function (...args) {
        timer && clearTimeout(timer);
        timer = setTimeout(callback, timeout, ...args);
    };
}
const reloadcertkey = debounce(function () {
    let key = fs.readFileSync(keypath);
    let cert = fs.readFileSync(certpath);
    let context = tls.createSecureContext({
        key,
        cert
    });
    server.addContext(hostname, context);
}, 1000);
reloadcertkey();
fs.watch(keypath, reloadcertkey);
fs.watch(certpath, reloadcertkey);

[addaleax]

This fixes #34110, right? Can you add a Fixes: https://github.com/nodejs/node/issues/34110 line to the the commit message, and run make lint-js-fix to address the linter errors here?

[addaleax]

/cc @mkrawczuk

[masx200]

Fixes: #34110

[masx200]

servername should also be case-insensitive.

[lpinca]

Can you add a test?

[masx200]

Can you add a test?

I don’t know much about writing tests. Can you ask someone to write tests?

[masx200]

#34451

[rickyes]

Can you add a test?

I don’t know much about writing tests. Can you ask someone to write tests?

@masx200 The test cases and features/fixes are usually in the same PR, you can try to write them by referring to an existing test case, the test folder is test/parallel, you can find the corresponding module according to the file name, take your time.

[mkrawczuk]

I have reported a relevant issue some time ago (#34110). I've been working on a PR but got dragged away by other projects. A proper solution, with tests and documentation, can be found in PR #34638

[masx200]

@mkrawczuk we should not use Array.prototype.reverse(),This method will change the original array, which produces unnecessary side effects and will cause a great performance loss.

[masx200]

@mkrawczuk

Since we are solving the same problem, could you help me write a test for this pull request?

[aduh95]

@masx200 There are linter errors that need fixing.

[github-actions]

This issue/PR was marked as stalled, it will be automatically closed in 30 days. If it should remain open, please leave a comment explaining why it should remain open.

[masx200]

#34638

There is already the same pr to solve this problem