Skip to content

Commit

Permalink
tls: move getAllowUnauthorized to internal/options
Browse files Browse the repository at this point in the history
Make it so that the allow unauthorized warning can be easily reused
by the QUIC impl once that lands.

Extracted from #32379

Signed-off-by: James M Snell <[email protected]>

PR-URL: #32917
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
  • Loading branch information
jasnell committed Apr 22, 2020
1 parent 91ca221 commit 14aa313
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 13 deletions.
17 changes: 5 additions & 12 deletions lib/_tls_wrap.js
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,10 @@ const {
ERR_TLS_INVALID_STATE
} = codes;
const { onpskexchange: kOnPskExchange } = internalBinding('symbols');
const { getOptionValue } = require('internal/options');
const {
getOptionValue,
getAllowUnauthorized,
} = require('internal/options');
const {
validateString,
validateBuffer,
Expand Down Expand Up @@ -1533,22 +1536,12 @@ function onConnectEnd() {
}
}

let warnOnAllowUnauthorized = true;

// Arguments: [port,] [host,] [options,] [cb]
exports.connect = function connect(...args) {
args = normalizeConnectArgs(args);
let options = args[0];
const cb = args[1];
const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';

if (allowUnauthorized && warnOnAllowUnauthorized) {
warnOnAllowUnauthorized = false;
process.emitWarning('Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
'environment variable to \'0\' makes TLS connections ' +
'and HTTPS requests insecure by disabling ' +
'certificate verification.');
}
const allowUnauthorized = getAllowUnauthorized();

options = {
rejectUnauthorized: !allowUnauthorized,
Expand Down
19 changes: 18 additions & 1 deletion lib/internal/options.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
const { getOptions } = internalBinding('options');
const { options, aliases } = getOptions();

let warnOnAllowUnauthorized = true;

function getOptionValue(option) {
const result = options.get(option);
if (!result) {
Expand All @@ -11,8 +13,23 @@ function getOptionValue(option) {
return result.value;
}

function getAllowUnauthorized() {
const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';

if (allowUnauthorized && warnOnAllowUnauthorized) {
warnOnAllowUnauthorized = false;
process.emitWarning(
'Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
'environment variable to \'0\' makes TLS connections ' +
'and HTTPS requests insecure by disabling ' +
'certificate verification.');
}
return allowUnauthorized;
}

module.exports = {
options,
aliases,
getOptionValue
getOptionValue,
getAllowUnauthorized,
};

0 comments on commit 14aa313

Please sign in to comment.