From d5d2fa386a60c4a93c7f85fdb3b27c2294e5eed1 Mon Sep 17 00:00:00 2001
From: Deokjin Kim <deokjin81.kim@gmail.com>
Date: Wed, 27 Sep 2023 23:46:26 +0900
Subject: [PATCH 1/2] tls: use validateFunction for
 `options.checkServerIdentity`

If user uses invalid type for `options.checkServerIdentity`
in tls.connect(), it's not internal issue of Node.js. So
validateFunction() is more proper than assert().

Fixes: https://github.com/nodejs/node/issues/49839
---
 lib/_tls_wrap.js                            | 2 +-
 test/parallel/test-tls-basic-validations.js | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index c2dd958f95106e..a5be90a4a1583f 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1738,7 +1738,7 @@ exports.connect = function connect(...args) {
   if (!options.keepAlive)
     options.singleUse = true;
 
-  assert(typeof options.checkServerIdentity === 'function');
+  validateFunction(options.checkServerIdentity, 'options.checkServerIdentity');
   assert(typeof options.minDHSize === 'number',
          'options.minDHSize is not a number: ' + options.minDHSize);
   assert(options.minDHSize > 0,
diff --git a/test/parallel/test-tls-basic-validations.js b/test/parallel/test-tls-basic-validations.js
index 4a3aab314680ac..c2e75f9f7f477b 100644
--- a/test/parallel/test-tls-basic-validations.js
+++ b/test/parallel/test-tls-basic-validations.js
@@ -135,3 +135,12 @@ assert.throws(() => { tls.createSecureContext({ maxVersion: 'fhqwhgads' }); },
                 code: 'ERR_TLS_INVALID_PROTOCOL_VERSION',
                 name: 'TypeError'
               });
+
+[undefined, null, 1, true].forEach((value) => {
+  assert.throws(() => {
+    tls.connect({ checkServerIdentity: value });
+  }, {
+    code: 'ERR_INVALID_ARG_TYPE',
+    name: 'TypeError',
+  });
+});

From 9ca4271b43ee5ac3b1c449de8845a0333df97c92 Mon Sep 17 00:00:00 2001
From: Deokjin Kim <deokjin81.kim@gmail.com>
Date: Thu, 28 Sep 2023 08:23:10 +0900
Subject: [PATCH 2/2] Update test/parallel/test-tls-basic-validations.js
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Tobias Nießen <tniessen@tnie.de>
---
 test/parallel/test-tls-basic-validations.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/parallel/test-tls-basic-validations.js b/test/parallel/test-tls-basic-validations.js
index c2e75f9f7f477b..64ae23758f2353 100644
--- a/test/parallel/test-tls-basic-validations.js
+++ b/test/parallel/test-tls-basic-validations.js
@@ -136,11 +136,11 @@ assert.throws(() => { tls.createSecureContext({ maxVersion: 'fhqwhgads' }); },
                 name: 'TypeError'
               });
 
-[undefined, null, 1, true].forEach((value) => {
+for (const checkServerIdentity of [undefined, null, 1, true]) {
   assert.throws(() => {
-    tls.connect({ checkServerIdentity: value });
+    tls.connect({ checkServerIdentity });
   }, {
     code: 'ERR_INVALID_ARG_TYPE',
     name: 'TypeError',
   });
-});
+}