From 14aa3131864fea00edb3c6887e25cd1d7c533e0d Mon Sep 17 00:00:00 2001
From: James M Snell
Date: Sat, 18 Apr 2020 11:25:04 -0700
Subject: [PATCH] tls: move getAllowUnauthorized to internal/options
Make it so that the allow unauthorized warning can be easily reused by the QUIC impl once that lands.
Extracted from https://github.com/nodejs/node/pull/32379
Signed-off-by: James M Snell
PR-URL: https://github.com/nodejs/node/pull/32917
Reviewed-By: Sam Roberts
Reviewed-By: Colin Ihrig
---
 lib/_tls_wrap.js | 17 +++++------------
 lib/internal/options.js | 19 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index cf1d2c27b89fd4..82b43ea481fd5b 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -70,7 +70,10 @@ const {
 ERR_TLS_INVALID_STATE
 } = codes;
 const { onpskexchange: kOnPskExchange } = internalBinding('symbols');
-const { getOptionValue } = require('internal/options');
+const {
+ getOptionValue,
+ getAllowUnauthorized,
+} = require('internal/options');
 const {
 validateString,
 validateBuffer,
@@ -1533,22 +1536,12 @@ function onConnectEnd() {
 }
 }
-let warnOnAllowUnauthorized = true;
-
 // Arguments: [port,] [host,] [options,] [cb]
 exports.connect = function connect(...args) {
 args = normalizeConnectArgs(args);
 let options = args[0];
 const cb = args[1];
- const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
-
- if (allowUnauthorized && warnOnAllowUnauthorized) {
- warnOnAllowUnauthorized = false;
- process.emitWarning('Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
- 'environment variable to \'0\' makes TLS connections ' +
- 'and HTTPS requests insecure by disabling ' +
- 'certificate verification.');
- }
+ const allowUnauthorized = getAllowUnauthorized();
 options = {
 rejectUnauthorized: !allowUnauthorized,
diff --git a/lib/internal/options.js b/lib/internal/options.js
index e494787b96c088..03586f9dae6d76 100644
--- a/lib/internal/options.js
+++ b/lib/internal/options.js
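Review bot: In lib/_tls_wrap.js, the new `const allowUnauthorized = getAllowUnauthorized();` in `connect()` reads like a pure lookup, but the helper also emits the one-time insecure-TLS process warning that used to be spelled out at this spot. A one-line comment above the call would keep that side effect visible, for example `// Reads NODE_TLS_REJECT_UNAUTHORIZED; may emit a one-time process warning when it is '0'.` The value only seeds `rejectUnauthorized: !allowUnauthorized` in the options literal, which continues past the end of the hunk, so whether a caller-supplied `rejectUnauthorized` takes precedence (with the warning still firing in that case) cannot be confirmed from the visible lines.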
@@ -3,6 +3,8 @@
 const { getOptions } = internalBinding('options');
 const { options, aliases } = getOptions();
+let warnOnAllowUnauthorized = true;
+
 function getOptionValue(option) {
 const result = options.get(option);
 if (!result) {
@@ -11,8 +13,23 @@ function getOptionValue(option) {
 return result.value;
 }
+function getAllowUnauthorized() {
+ const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
+
+ if (allowUnauthorized && warnOnAllowUnauthorized) {
+ warnOnAllowUnauthorized = false;
+ process.emitWarning(
+ 'Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
+ 'environment variable to \'0\' makes TLS connections ' +
+ 'and HTTPS requests insecure by disabling ' +
+ 'certificate verification.');
+ }
+ return allowUnauthorized;
+}
+
 module.exports = {
 options,
 aliases,
- getOptionValue
+ getOptionValue,
+ getAllowUnauthorized,
 };
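Review bot: `getAllowUnauthorized()` in lib/internal/options.js has no doc comment, and its contract is not obvious from the name: it re-reads `process.env.NODE_TLS_REJECT_UNAUTHORIZED` on every call, treats only the exact string `'0'` as the opt-out, and warns at most once per module instance through the `warnOnAllowUnauthorized` latch added in the first hunk of this file. Because that latch is now shared, a process that uses both TLS and the planned QUIC code gets a single warning from whichever path calls first; a JSDoc block stating these points and the boolean return value would keep a later caller from adding a second, duplicate warning. The message goes through `process.emitWarning()` with no type or code argument, so it is best treated as an operator hint rather than an audit signal, and deployments that must detect disabled certificate verification should check the environment variable itself instead of depending on the warning being seen.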