Fix getPeerCertificate

snowflakedb · Sep 22, 2023 · 2991409 · 2991409
1 parent 48d2049
commit 2991409
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/lib/agent/socket_util.js b/lib/agent/socket_util.js
@@ -72,7 +72,7 @@ exports.secureSocket = function (socket, host, agent, mock)
   const validate = function ()
   {
     // stop listening for the secure event
-    socket.removeListener('secure', validate);
+    socket.removeListener('secureConnect', validate);
 
     Logger.getInstance().trace('socket reused = %s', socket.isSessionReused());
 
@@ -86,10 +86,11 @@ exports.secureSocket = function (socket, host, agent, mock)
     {
       if (!socket.authorized)
       {
-        return socket;
+        Logger.getInstance().error('Socket is not authorized: %s', socket.authorizationError);
+        return socket.destroy(socket.authorizationError);
       }
       // use ocsp to make sure the entire certificate chain can be trusted
-      const certChain = socket.ssl.getPeerCertificate(true);
+      const certChain = socket.getPeerCertificate(true);
       const vcc = mock ? mock.validateCertChain : validateCertChain;
 
       vcc(certChain, function (err)
@@ -111,7 +112,7 @@ exports.secureSocket = function (socket, host, agent, mock)
   };
 
   // when the socket is secure, perform additional validation
-  socket.on('secure', validate);
+  socket.on('secureConnect', validate);
 
   // block all writes until validation is complete
   socket.cork();