From 2991409772223394178f5464bd493699775d053d Mon Sep 17 00:00:00 2001
From: Piotr Bulawa
Date: Fri, 22 Sep 2023 14:38:52 +0200
Subject: [PATCH 1/3] Fix getPeerCertificate
---
 lib/agent/socket_util.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/agent/socket_util.js b/lib/agent/socket_util.js
index 2d67a6daa..1b5e5fdea 100644
--- a/lib/agent/socket_util.js
+++ b/lib/agent/socket_util.js
@@ -72,7 +72,7 @@ exports.secureSocket = function (socket, host, agent, mock)
 const validate = function ()
 {
 // stop listening for the secure event
- socket.removeListener('secure', validate);
+ socket.removeListener('secureConnect', validate);
 Logger.getInstance().trace('socket reused = %s', socket.isSessionReused());
@@ -86,10 +86,11 @@ exports.secureSocket = function (socket, host, agent, mock)
 {
 if (!socket.authorized)
 {
- return socket;
+ Logger.getInstance().error('Socket is not authorized: %s', socket.authorizationError);
+ return socket.destroy(socket.authorizationError);
 }
 // use ocsp to make sure the entire certificate chain can be trusted
- const certChain = socket.ssl.getPeerCertificate(true);
+ const certChain = socket.getPeerCertificate(true);
 const vcc = mock ? mock.validateCertChain : validateCertChain;
 vcc(certChain, function (err)
@@ -111,7 +112,7 @@ exports.secureSocket = function (socket, host, agent, mock)
 };
 // when the socket is secure, perform additional validation
- socket.on('secure', validate);
+ socket.on('secureConnect', validate);
 // block all writes until validation is complete
 socket.cork();
From 9526f34e5e1369a8495a57ad86439c72d58e9fc2 Mon Sep 17 00:00:00 2001
From: Piotr Bulawa
Date: Fri, 22 Sep 2023 15:25:45 +0200
Subject: [PATCH 2/3] Create const for secure event
---
 lib/agent/socket_util.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/agent/socket_util.js b/lib/agent/socket_util.js
index 1b5e5fdea..e3868a652 100644
--- a/lib/agent/socket_util.js
+++ b/lib/agent/socket_util.js
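Review bot: The context comment `// stop listening for the secure event` above the changed `removeListener` line, and `// when the socket is secure, perform additional validation` in the third hunk of this patch, still describe the old `'secure'` event while the code now waits for `'secureConnect'`; I would update them to `// stop listening for the TLS handshake-complete event` and `// once the client-side TLS handshake completes ('secureConnect'), run the OCSP chain validation`. As far as I know `'secureConnect'` is emitted once, and only on TLSSocket instances created by `tls.connect()`, so a socket handed in after its handshake has already finished would never run `validate` and the `socket.cork()` at the end of the function would never be released; that precondition deserves a sentence in the documentation of `secureSocket`, whose header is before this hunk. Both `secureSocket` and `validate` continue past the hunk.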
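Review bot: `return socket.destroy(socket.authorizationError);` in the second hunk passes the raw `authorizationError` as the destroy reason, and in Node's tls implementation that property holds the verification error's code string rather than an `Error`, so the socket's `'error'` listeners get a string with no stack and no `.code`/`.message` to branch on. Wrapping it keeps both: `const authErr = new Error('Socket is not authorized: ' + socket.authorizationError); authErr.code = socket.authorizationError; return socket.destroy(authErr);`. Destroying is the right replacement for the removed `return socket;`, which handed the unauthorized socket back with the OCSP chain check skipped. `socket.getPeerCertificate(true)` on the next changed line yields an empty object when no peer certificate is available; `validateCertChain` is outside the hunk, so confirm it treats `{}` as a failure rather than as an empty chain to approve. The enclosing callback and `secureSocket` extend beyond the hunk on both sides.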
@@ -18,6 +18,8 @@ const ocspFailOpenWarning =
 'without OCSP based Certificated Revocation checking as it could not obtain a valid OCSP Response to use from ' + 'the CA OCSP responder. Details: ';
+const socketSecuredEvent = 'secureConnect';
+
 const rawOcspFlag = process.env.SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED;
@@ -72,7 +74,7 @@ exports.secureSocket = function (socket, host, agent, mock)
 const validate = function ()
 {
 // stop listening for the secure event
- socket.removeListener('secureConnect', validate);
+ socket.removeListener(socketSecuredEvent, validate);
 Logger.getInstance().trace('socket reused = %s', socket.isSessionReused());
@@ -112,7 +114,7 @@ exports.secureSocket = function (socket, host, agent, mock)
 };
 // when the socket is secure, perform additional validation
- socket.on('secureConnect', validate);
+ socket.on(socketSecuredEvent, validate);
 // block all writes until validation is complete
 socket.cork();
From db7da9df237f1e15b55a9966e2a4ef189b543c73 Mon Sep 17 00:00:00 2001
From: Piotr Bulawa
Date: Fri, 22 Sep 2023 15:38:29 +0200
Subject: [PATCH 3/3] Changed log level from error to warn
---
 lib/agent/socket_util.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/agent/socket_util.js b/lib/agent/socket_util.js
index e3868a652..fbeb9dfca 100644
--- a/lib/agent/socket_util.js
+++ b/lib/agent/socket_util.js
@@ -88,7 +88,7 @@ exports.secureSocket = function (socket, host, agent, mock)
 {
 if (!socket.authorized)
 {
- Logger.getInstance().error('Socket is not authorized: %s', socket.authorizationError);
+ Logger.getInstance().warn('Socket is not authorized: %s', socket.authorizationError);
 return socket.destroy(socket.authorizationError);
 }
 // use ocsp to make sure the entire certificate chain can be trusted
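Review bot: The new `socketSecuredEvent` constant has no comment saying which event it names or why the exact value matters, so a reader has to know the Node tls API to see that changing it would silently stop `validate` from ever running and leave the corked socket blocked. I would add above the declaration `// tls.TLSSocket event emitted once the handshake completes on a client-side socket; validate() is attached to it`. The two later hunks of this patch are the matching call-site replacements and need nothing further.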
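Review bot: Lowering the message to `warn` reduces the visibility of a failed peer-certificate verification while the next line still destroys the socket, so the connection fails either way and the log line is the only place the reason is recorded at this level; the project's log policy is not visible here, but a message about an unverified peer is usually kept at error level or at least worded so it can be alerted on. As far as I can tell from Node's tls behaviour, a socket created with the default `rejectUnauthorized` is destroyed before `'secureConnect'` fires, so this branch should only be reachable when the socket was opened with `rejectUnauthorized: false`; a comment stating that precondition would help, e.g. `// only reachable when the socket was created with rejectUnauthorized: false; the default setting destroys the socket before 'secureConnect'`. The enclosing callback and `secureSocket` extend beyond the hunk.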