tls: make rejectUnauthorized default to true
rejectUnauthorized used to be false when the property was undefined or null, quietly allowing client connections for which certificates have been requested (requestCert is true) even when the client certificate was not authorized (signed by a trusted CA). Change this so rejectUnauthorized is always true unless it is explicitly set to false.

PR-URL: #5923
Reviewed-By: Sam Roberts <email@example.com>
Reviewed-By: James M Snell <firstname.lastname@example.org>
Reviewed-By: Ben Noordhuis <email@example.com>
Reviewed-By: Colin Ihrig <firstname.lastname@example.org>
Showing with 16 additions and 21 deletions.
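The following is an added example, not code from this commit or from Node.js: it models the default described in the commit message and audits server option objects for configurations whose behaviour differs before and after the change. The function names, finding codes and sample configurations are assumptions constructed for illustration; only `undefined`, `null`, `true` and `false` are modelled for `rejectUnauthorized`.

```javascript
// Model of the default described in the commit message (not Node.js source).

// Before the change: an undefined or null property behaved as false.
function legacyRejectUnauthorized(value) {
  return value === undefined || value === null ? false : value !== false;
}

// After the change: true unless explicitly set to false.
function currentRejectUnauthorized(value) {
  return value !== false;
}

// Audit one tls.createServer()-style options object (hypothetical helper).
function auditServerOptions(name, options) {
  const requestCert = options.requestCert === true;
  const before = legacyRejectUnauthorized(options.rejectUnauthorized);
  const after = currentRejectUnauthorized(options.rejectUnauthorized);
  const findings = [];
  if (requestCert && !before && after) {
    // Unauthorized client certificates were quietly accepted before the
    // change and are rejected after it.
    findings.push('behaviour-change');
  }
  if (requestCert && !after) {
    // Explicit opt-out: the handshake still succeeds for unauthorized
    // certificates, so the connection handler must check socket.authorized.
    findings.push('explicit-opt-out');
  }
  return { name, requestCert, before, after, findings };
}

// Constructed sample configurations.
const SAMPLE_CONFIGS = {
  'mtls-implicit': { requestCert: true },
  'mtls-null': { requestCert: true, rejectUnauthorized: null },
  'mtls-strict': { requestCert: true, rejectUnauthorized: true },
  'mtls-optout': { requestCert: true, rejectUnauthorized: false },
  'no-client-cert': {},
};

function auditAll(configs) {
  return Object.entries(configs).map(([name, opts]) => auditServerOptions(name, opts));
}

for (const r of auditAll(SAMPLE_CONFIGS)) {
  console.log(`${r.name}: before=${r.before} after=${r.after} [${r.findings.join(', ')}]`);
}
```

Configurations flagged `behaviour-change` are the ones that relied on the old default; setting `rejectUnauthorized` explicitly in each server's options makes the intent visible regardless of the runtime's default.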