tls: fix SNICallback without .server option

`options.server` only needs to be set when its
contents are actually being inspected.

PR-URL: #17835
Reviewed-By: Timothy Gu <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>

Author: addaleax

lib/_tls_wrap.js

@@ -511,9 +511,8 @@ TLSSocket.prototype._init = function(socket, wrap) {
   if (process.features.tls_sni &&
       options.isServer &&
       options.SNICallback &&
-      options.server &&
       (options.SNICallback !== SNICallback ||
-       options.server._contexts.length)) {
+       (options.server && options.server._contexts.length))) {
     assert(typeof options.SNICallback === 'function');
     this._SNICallback = options.SNICallback;
     ssl.enableCertCb();

test/parallel/test-tls-socket-snicallback-without-server.js

@@ -0,0 +1,26 @@
+'use strict';
+
+// This is based on test-tls-securepair-fiftharg.js
+// for the deprecated `tls.createSecurePair()` variant.
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+const makeDuplexPair = require('../common/duplexpair');
+
+const { clientSide, serverSide } = makeDuplexPair();
+new tls.TLSSocket(serverSide, {
+  isServer: true,
+  SNICallback: common.mustCall((servername, cb) => {
+    assert.strictEqual(servername, 'www.google.com');
+  })
+});
+
+// captured traffic from browser's request to https://www.google.com
+const sslHello = fixtures.readSync('google_ssl_hello.bin');
+
+clientSide.write(sslHello);