tunnel.removeSocket needs to be overridden for secure Sockets

[frooble]

For httpsOverHttp and httpsOverHttps tunnels, createSocket method is replaced with createSecureSocket which adds the actual socket as a member of the object returned from tls.connect. Subsequent processing places listeners on this tls connection object and not on the underlying socket. When these listener callbacks invoke removeSocket, they end up providing the tls.connect object as an argument and not the actual underlying socket.

The removeSocket looks for a match of the provided tls.connect object to an element in the array in order to find the one to remove. However, since the actual underyling transport socket is what is placed in the sockets member array, no match is found, nothing is removed, and eventually the sockets array fills up to the maxSockets length and subsequent requests will be queued permanently.

Recommending providing a removeSecureSocket method

function removeSecureSocket (secureSocket) {
    var self = this; 
    TunnelingAgent.prototype.removeSocket.call(self, secureSocket);
}

And then replacing the removeSocket method for httpsOverHttp and httpsOverHttps instances with the secure socket version (essentially mirroring what is done for createSocket)

function httpsOverHttp(options) {
  var agent = new TunnelingAgent(options);
  agent.request = https.request;
  agent.createSocket = createSecureSocket;
  agent.removeSocket = removeSecureSocket;
  return agent;
}

function httpsOverHttps(options) {
  var agent = new TunnelingAgent(options);
  agent.request = https.request;
  agent.createSocket = createSecureSocket;
  agent.removeSocket = removeSecureSocket;
  return agent;
}

[koichik]

@frooble - Thanks! Fixed in da4c509.