From 31fa834e699fac4f39445f156685673d6dbe39e7 Mon Sep 17 00:00:00 2001
From: Kun Zhou
Date: Thu, 19 Oct 2023 13:12:06 -0700
Subject: [PATCH] Fix server identity check
---
 lib/connection.js | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/lib/connection.js b/lib/connection.js
index 12c0b8bb12..0174979c85 100644
--- a/lib/connection.js
+++ b/lib/connection.js
@@ -365,19 +365,14 @@ class Connection extends EventEmitter {
 secureContext,
 isServer: false,
 socket: this.stream,
- servername
- }, () => {
- secureEstablished = true;
- if (rejectUnauthorized) {
- if (typeof servername === 'string' && verifyIdentity) {
- const cert = secureSocket.getPeerCertificate(true);
- const serverIdentityCheckError = Tls.checkServerIdentity(servername, cert);
- if (serverIdentityCheckError) {
- onSecure(serverIdentityCheckError);
- return;
- }
+ servername,
+ checkServerIdentity: (servername, cert) => {
+ if (rejectUnauthorized && typeof servername === 'string' && verifyIdentity) {
+ return Tls.checkServerIdentity(servername, cert);
 }
 }
+ }, () => {
+ secureEstablished = true;
 onSecure();
 });
 // error handler for secure socket
@@ -408,7 +403,7 @@ class Connection extends EventEmitter {
 err.code = code || 'PROTOCOL_ERROR';
 this.emit('error', err);
 }
-
+
 get fatalError() {
 return this._fatalError;
 }
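Review bot: In the new `checkServerIdentity` callback of the first hunk, the parameter `servername` shadows the outer `servername` passed to `Tls.connect` on the line above, so the `typeof servername === 'string'` test now inspects the value Node hands to the callback rather than the configured option. As far as I know Node substitutes the connection's host name when no `servername` option is set, so the test is probably always true and the skip-when-unset behaviour of the removed code no longer applies; that fails closed, but it should be a deliberate choice rather than a side effect of the name clash. Renaming the parameter makes this explicit, e.g. `checkServerIdentity: (hostname, cert) => {` with `return Tls.checkServerIdentity(hostname, cert);`, and a comment such as `// returning undefined accepts the certificate without a host name check` on the fall-through documents exactly when verification is skipped. The enclosing method starts and ends outside the hunk, so how `verifyIdentity` and `rejectUnauthorized` are derived is not visible here.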