Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

tls, https: default to rejectUnauthorized=true in tls.connect and https.request #4023

Merged
merged 2 commits into from Sep 15, 2012
Merged

tls, https: default to rejectUnauthorized=true in tls.connect and https.request #4023

merged 2 commits into from Sep 15, 2012

Conversation

bnoordhuis
Copy link
Member

Quoting the commit log:

tls, https: validate server certificates by default

This commit changes the default value of the rejectUnauthorized option from
false to true.

What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.

There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.

Fixes #3949.

The second commit updates the tests to set rejectUnauthorized explicitly instead of mucking with the environment.

Suggested reviewer: @indutny

@bnoordhuis
tls, https: validate server certificate by default
35607f3 
This commit changes the default value of the rejectUnauthorized option from
false to true.

What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.

There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.

Fixes nodejs#3949.
@bnoordhuis
test: set rejectUnauthorized in tls/https tests
3806cf0 
Update the tls and https tests to explicitly set rejectUnauthorized instead of
relying on the NODE_TLS_REJECT_UNAUTHORIZED environment variable getting set.
@indutny
Copy link
Member

indutny commented Sep 15, 2012

@bnoordhuis If tests are passing - lgtm

@bnoordhuis
Copy link
Member Author

Thanks Fedor, merged.

@bnoordhuis bnoordhuis closed this Sep 15, 2012
@bnoordhuis bnoordhuis merged commit 3806cf0 into nodejs:master Sep 15, 2012
@cliffano cliffano mentioned this pull request May 9, 2013
Closed
@stenington stenington mentioned this pull request Dec 10, 2013
Closed
@mikemorris mikemorris mentioned this pull request Jan 29, 2014
Closed
@amgray789 amgray789 mentioned this pull request Oct 23, 2014
Closed
@rhoboat rhoboat mentioned this pull request Jul 25, 2018
Merged
5 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bnoordhuis @indutny