Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
tls: rejectUnauthorized is treated to true by default #5923
Pull Request check-list
Affected core subsystem(s)
Description of change
Improves usability as described here - #5917
tls.connect treats rejectUnauthorized as a false value, when we need to treat it only when rejectUnauthorized is really set to false.
In my last commit I should explicitly set to
I think, all test-cases are passed until now because
When I've fixed that problem, I'm start getting this error:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1 Cipher : ECDHE-RSA-AES256-SHA Session-ID: 84BA6EEF82ED3FEC65728E801DBAE5E4FF0898A61C9CDD5A39EC6B9DB1883DB6 Session-ID-ctx: Master-Key: 0B44AE6722D0039BFEF033417DA8F6F624E9E0DE98BB844254E93D3F641A3B937550EB4DE46FB83F16394B80A85F57AB Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1459086986 Timeout : 7200 (sec) Verify return code: 10 (certificate has expired) --- drop connection and then reconnect CONNECTED(00000003)
Certificate has expired and tests are failing. So, for now, I explicitly set
referenced this pull request
Mar 27, 2016
https://nodejs.org/api/tls.html#tls_tlssocket_renegotiate_options_callback, tls.renegotiate() says nothing at all about the default values... but did they change? I think they did, but its a bit hard to see from just the PR diff.
And btw, @ghaiklor , thanks for picking this up again, the behaviour this changes should be fixed.
Heads up, it will need to land pretty quickly to get into 8.x... if it misses the -rc, it won't be released until 9.x, which would be a pity. I've been travelling lately, but I'll keep a sharp eye on this to land as soon as possible.