Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tls: move getAllowUnauthorized to internal/options #32917

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 5 additions & 12 deletions lib/_tls_wrap.js
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,10 @@ const {
ERR_TLS_INVALID_STATE
} = codes;
const { onpskexchange: kOnPskExchange } = internalBinding('symbols');
const { getOptionValue } = require('internal/options');
const {
getOptionValue,
getAllowUnauthorized,
} = require('internal/options');
const {
validateString,
validateBuffer,
Expand Down Expand Up @@ -1533,22 +1536,12 @@ function onConnectEnd() {
}
}

let warnOnAllowUnauthorized = true;

// Arguments: [port,] [host,] [options,] [cb]
exports.connect = function connect(...args) {
args = normalizeConnectArgs(args);
let options = args[0];
const cb = args[1];
const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';

if (allowUnauthorized && warnOnAllowUnauthorized) {
warnOnAllowUnauthorized = false;
process.emitWarning('Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
'environment variable to \'0\' makes TLS connections ' +
'and HTTPS requests insecure by disabling ' +
'certificate verification.');
}
const allowUnauthorized = getAllowUnauthorized();

options = {
rejectUnauthorized: !allowUnauthorized,
Expand Down
19 changes: 18 additions & 1 deletion lib/internal/options.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
const { getOptions } = internalBinding('options');
const { options, aliases } = getOptions();

let warnOnAllowUnauthorized = true;

function getOptionValue(option) {
const result = options.get(option);
if (!result) {
Expand All @@ -11,8 +13,23 @@ function getOptionValue(option) {
return result.value;
}

function getAllowUnauthorized() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking nit: IMO the name isn't ideal since it also conditionally prints a warning. Unfortunately, an alternative name isn't coming to mind right away.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can rename later if one comes to mind

const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';

if (allowUnauthorized && warnOnAllowUnauthorized) {
warnOnAllowUnauthorized = false;
process.emitWarning(
'Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
'environment variable to \'0\' makes TLS connections ' +
'and HTTPS requests insecure by disabling ' +
'certificate verification.');
}
return allowUnauthorized;
}

module.exports = {
options,
aliases,
getOptionValue
getOptionValue,
getAllowUnauthorized,
};