Cannot use checkServerIdentity with grpc.ssl_target_name_override #2703

Closed
RickyB98 opened this issue Apr 1, 2024 · 1 comment

RickyB98 commented Apr 1, 2024

Problem description

Setting grpc.ssl_target_name_override uses the checkServerIdentity function to check the certificate against a different hostname. However, this makes it impossible to specify a custom checkServerIdentity function to perform extra checks.

Reproduction steps

  • generate TypeScript code from proto (I used protoc-gen-ts, client class signature was export class SomeClient extends grpc_1.makeGenericClientConstructor(UnimplementedNodeManagerService.definition, "Some", {}) { ...)
  • initialize the client with TLS (createSsl(..., { checkServerIdentity: () => { console.log('got here'); return undefined; } }) or analogously with createFromSecureContext);
  • connect to a server ensuring all certificates are in order;
  • observe connection is successful but 'got here' does not get printed.

Environment

  • OS name, version and architecture: macOS Sonoma 14.2.1
  • Node version: v21.7.1
  • Node installation method: brew (I think?)
  • If applicable, compiler version: N/A
  • Package name and version: @grpc/grpc-js 1.10.4

Additional context

I'm trying to specify a custom checkServerIdentity function to extract some data from the server's certificate. Perhaps it's not the way to do it, but that's how I came across this. Not sure if this is expected, but it surely threw me off and had me stuck for a while trying to trace back the piece of code that calls/overrides the function.

@murgatroid99
Member

A fix for this is out in version 1.10.5. I do want to note a couple of things:

  1. The grpc.ssl_target_name_override is intended only for use in tests, because it bypasses one of the basic validation steps in TLS.
  2. The custom checkServerIdentity function overrides the default behavior of verifying that the certificate is issued to the host. If you just want to use it to get information without changing that behavior, you should delegate to tls.checkServerIdentity to get the return value instead of just returning undefined.
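Added example (not code from the issue or from the grpc-js project): a checkServerIdentity callback that reads data from the server certificate and still delegates to tls.checkServerIdentity, so hostname verification stays in force as described in point 2. The names makeIdentityCheck, onCertificate and pinnedFingerprints, and the sample certificate object, are assumptions made for illustration.

```javascript
const tls = require('node:tls');

// Builds a checkServerIdentity callback that observes the certificate without
// weakening hostname verification. Function and option names are hypothetical.
function makeIdentityCheck({ onCertificate, pinnedFingerprints } = {}) {
  return function checkServerIdentity(hostname, cert) {
    // 1. Default verification first: an Error on mismatch, undefined on success.
    const hostError = tls.checkServerIdentity(hostname, cert);
    if (hostError) return hostError;

    // 2. Optional extra check: SHA-256 fingerprint allow-list (a Set of strings).
    if (pinnedFingerprints && !pinnedFingerprints.has(cert.fingerprint256)) {
      return new Error(`certificate for ${hostname} is not in the pinned set`);
    }

    // 3. Only a certificate that passed every check is handed to the caller.
    if (onCertificate) {
      onCertificate({
        hostname,
        commonName: cert.subject && cert.subject.CN,
        subjectAltName: cert.subjectaltname,
        fingerprint256: cert.fingerprint256,
      });
    }
    return undefined; // undefined tells the TLS layer the identity is accepted
  };
}

// Constructed sample in the shape of a tls.PeerCertificate (not a real certificate).
const SAMPLE_CERT = {
  subject: { CN: 'node.example.test' },
  subjectaltname: 'DNS:node.example.test',
  fingerprint256: 'CONSTRUCTED:00:11:22',
};

// Runs the callback against a matching and a non-matching hostname.
function demo() {
  const seen = [];
  const check = makeIdentityCheck({ onCertificate: (info) => seen.push(info) });
  const ok = check('node.example.test', SAMPLE_CERT);
  const bad = check('other.example.test', SAMPLE_CERT);
  return { ok, bad, seen };
}

// Wiring into a client, with @grpc/grpc-js 1.10.5 or later:
//   grpc.credentials.createSsl(rootCerts, null, null,
//     { checkServerIdentity: makeIdentityCheck({ onCertificate: console.log }) });
```

Returning the delegate's Error unchanged keeps the standard ERR_TLS_CERT_ALTNAME_INVALID failure visible to callers and logs.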
