tls: move getAllowUnauthorized to internal/options
Make it so that the allow unauthorized warning can be easily reused
by the QUIC impl once that lands.

Extracted from #32379

Signed-off-by: James M Snell <jasnell@gmail.com>

PR-URL: #32917
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
jasnell authored and BridgeAR committed Apr 28, 2020
1 parent 4432bb2 commit bfa19c4
Showing 2 changed files with 23 additions and 13 deletions.
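--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -70,7 +70,10 @@ const {
 ERR_TLS_INVALID_STATE
 } = codes;
 const { onpskexchange: kOnPskExchange } = internalBinding('symbols');
-const { getOptionValue } = require('internal/options');
+const {
+getOptionValue,
+getAllowUnauthorized,
+} = require('internal/options');
 const {
 validateString,
 validateBuffer,
@@ -1540,22 +1543,12 @@ function onConnectEnd() {
 }
 }
 
-let warnOnAllowUnauthorized = true;
-
 // Arguments: [port,] [host,] [options,] [cb]
 exports.connect = function connect(...args) {
 args = normalizeConnectArgs(args);
 let options = args[0];
 const cb = args[1];
-const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
-
-if (allowUnauthorized && warnOnAllowUnauthorized) {
-warnOnAllowUnauthorized = false;
-process.emitWarning('Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
-'environment variable to \'0\' makes TLS connections ' +
-'and HTTPS requests insecure by disabling ' +
-'certificate verification.');
-}
+const allowUnauthorized = getAllowUnauthorized();
 
 options = {
 rejectUnauthorized: !allowUnauthorized,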
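--- a/lib/internal/options.js
+++ b/lib/internal/options.js
@@ -3,6 +3,8 @@
 const { getOptions } = internalBinding('options');
 const { options, aliases } = getOptions();
 
+let warnOnAllowUnauthorized = true;
+
 function getOptionValue(option) {
 const result = options.get(option);
 if (!result) {
@@ -11,8 +13,23 @@ function getOptionValue(option) {
 return result.value;
 }
 
+function getAllowUnauthorized() {
+const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
+
+if (allowUnauthorized && warnOnAllowUnauthorized) {
+warnOnAllowUnauthorized = false;
+process.emitWarning(
+'Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
+'environment variable to \'0\' makes TLS connections ' +
+'and HTTPS requests insecure by disabling ' +
+'certificate verification.');
+}
+return allowUnauthorized;
+}
+
 module.exports = {
 options,
 aliases,
-getOptionValue
+getOptionValue,
+getAllowUnauthorized,
 };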
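Review bot: getAllowUnauthorized() is added without a doc comment, and its name reads like a pure getter although it emits a process warning and clears the module-level `warnOnAllowUnauthorized` flag the first time it sees the variable set to '0'. The environment variable is re-read on every call while the warning is latched once per process, so after it has fired, any later connection made with the variable at '0' (including after it was restored and set to '0' again) is not flagged; with the helper now shared by every caller, that contract should be written down. I would add a short JSDoc above the function stating that it returns true only when `NODE_TLS_REJECT_UNAUTHORIZED` is exactly '0', that the value is evaluated at call time, and that the warning is emitted at most once per process across all callers. At the call in connect() in lib/_tls_wrap.js a one-line comment such as `// Also emits the one-time insecure-TLS warning.` would make the side effect visible where `rejectUnauthorized` is derived.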
