
Commit 3095eec

committed
tls: warn on NODE_TLS_REJECT_UNAUTHORIZED = '0'
Emit a warning on the first TLS connection made while the NODE_TLS_REJECT_UNAUTHORIZED environment variable is set to '0'. PR-URL: #21900 Refs: #21774 Reviewed-By: James M Snell <jasnell@gmail.com>
1 parent 87f7671 commit 3095eec


2 files changed

+20
-1
lines changed


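--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1098,14 +1098,25 @@ function onConnectEnd() {
 }
 }
 
+let warnOnAllowUnauthorized = true;
+
 // Arguments: [port,] [host,] [options,] [cb]
 exports.connect = function connect(...args) {
 args = normalizeConnectArgs(args);
 var options = args[0];
 var cb = args[1];
+const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
+
+if (allowUnauthorized && warnOnAllowUnauthorized) {
+warnOnAllowUnauthorized = false;
+process.emitWarning('Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
+'environment variable to \'0\' makes TLS connections ' +
+'and HTTPS requests insecure by disabling ' +
+'certificate verification.');
+}
 
 var defaults = {
-rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED,
+rejectUnauthorized: !allowUnauthorized,
 ciphers: tls.DEFAULT_CIPHERS,
 checkServerIdentity: tls.checkServerIdentity,
 minDHSize: 1024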
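Review bot: `warnOnAllowUnauthorized` is module-level state with no comment, and its one-shot behaviour is easy to misread. The environment variable is re-read on every `connect` call, but only the first call that sees `'0'` warns, so later connections stay silent even if the variable is cleared and then set back to `'0'` at runtime. I would add `// Warn once per process; NODE_TLS_REJECT_UNAUTHORIZED is still re-read on every connect().` above the declaration. The check also keys on the variable rather than on the effective setting, so a caller that passes `rejectUnauthorized: true` would presumably still trigger the warning. That is inferred, because the merge of `defaults` with the caller's options lies outside this hunk, as does the rest of `connect`.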

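--- a/test/parallel/test-https-strict.js
+++ b/test/parallel/test-https-strict.js
@@ -28,6 +28,14 @@ if (!common.hasCrypto)
 // disable strict server certificate validation by the client
 process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 
+common.expectWarning(
+'Warning',
+'Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to \'0\' ' +
+'makes TLS connections and HTTPS requests insecure by disabling ' +
+'certificate verification.',
+common.noWarnCode
+);
+
 const assert = require('assert');
 const https = require('https');
 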