archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-16 06:08:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

tls, https: validate server certificate by default

Browse source 
This commit changes the default value of the rejectUnauthorized option from
false to true.

What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.

There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.

Fixes #3949.
This commit is contained in:
Ben Noordhuis 2012-08-30 15:14:37 +02:00
parent 4c171a504d
commit 35607f3a2d
38 changed files with 131 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

3
test/simple/test-http-url.parse-https.request.js
View file

@ -19,6 +19,9 @@
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
// disable strict server certificate validation by the client
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
var common = require('../common');
var assert = require('assert');
var https = require('https');