lib: add TLSSocket default error handler

RafaelGSS · RafaelGSS · commit f0a891688716 · 2026-01-05T15:02:41.000-03:00
This prevents the server from crashing due to an unhandled rejection when a TLSSocket connection is abruptly destroyed during initialization and the user has not attached an error handler to the socket. e.g: ```js const server = http2.createSecureServer({ ... }) server.on('secureConnection', socket => { socket.on('error', err => { console.log(err) }) }) ``` PR-URL: nodejs-private/node-private#750 Fixes: #44751 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=3262404 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> CVE-ID: CVE-2025-59465
diff --git a/lib/internal/tls/wrap.js b/lib/internal/tls/wrap.js
@@ -1251,6 +1251,7 @@ function tlsConnectionListener(rawSocket) {
   socket[kErrorEmitted] = false;
   socket.on('close', onSocketClose);
   socket.on('_tlsError', onSocketTLSError);
+  socket.on('error', onSocketTLSError);
 }
 
 // AUTHENTICATION MODES

Original file line number	Diff line number	Diff line change
`@@ -1251,6 +1251,7 @@ function tlsConnectionListener(rawSocket) {`
`1251`	`1251`	`socket[kErrorEmitted] = false;`
`1252`	`1252`	`socket.on('close', onSocketClose);`
`1253`	`1253`	`socket.on('_tlsError', onSocketTLSError);`
	`1254`	`+ socket.on('error', onSocketTLSError);`
`1254`	`1255`	`}`
`1255`	`1256`
`1256`	`1257`	`// AUTHENTICATION MODES`