diff options
author | James M Snell <jasnell@gmail.com> | 2020-04-18 11:25:04 -0700 |
---|---|---|
committer | Ruben Bridgewater <ruben@bridgewater.de> | 2020-04-28 13:15:04 +0200 |
commit | bfa19c47a484147275817e5cef936fcb1234bca1 (patch) | |
tree | 46dadd5cad2b25f52743626bc8c81c89c1557034 | |
parent | 4432bb24150989b4c4e0e9010cab2abce63acb80 (diff) | |
download | node-new-bfa19c47a484147275817e5cef936fcb1234bca1.tar.gz |
tls: move getAllowUnauthorized to internal/options
Make it so that the allow unauthorized warning can be easily reused
by the QUIC impl once that lands.
Extracted from https://github.com/nodejs/node/pull/32379
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/32917
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
-rw-r--r-- | lib/_tls_wrap.js | 17 | ||||
-rw-r--r-- | lib/internal/options.js | 19 |
2 files changed, 23 insertions, 13 deletions
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 91fa20cb2b..9957083bb1 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -70,7 +70,10 @@ const { ERR_TLS_INVALID_STATE } = codes; const { onpskexchange: kOnPskExchange } = internalBinding('symbols'); -const { getOptionValue } = require('internal/options'); +const { + getOptionValue, + getAllowUnauthorized, +} = require('internal/options'); const { validateString, validateBuffer, @@ -1540,22 +1543,12 @@ function onConnectEnd() { } } -let warnOnAllowUnauthorized = true; - // Arguments: [port,] [host,] [options,] [cb] exports.connect = function connect(...args) { args = normalizeConnectArgs(args); let options = args[0]; const cb = args[1]; - const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0'; - - if (allowUnauthorized && warnOnAllowUnauthorized) { - warnOnAllowUnauthorized = false; - process.emitWarning('Setting the NODE_TLS_REJECT_UNAUTHORIZED ' + - 'environment variable to \'0\' makes TLS connections ' + - 'and HTTPS requests insecure by disabling ' + - 'certificate verification.'); - } + const allowUnauthorized = getAllowUnauthorized(); options = { rejectUnauthorized: !allowUnauthorized, diff --git a/lib/internal/options.js b/lib/internal/options.js index e494787b96..03586f9dae 100644 --- a/lib/internal/options.js +++ b/lib/internal/options.js @@ -3,6 +3,8 @@ const { getOptions } = internalBinding('options'); const { options, aliases } = getOptions(); +let warnOnAllowUnauthorized = true; + function getOptionValue(option) { const result = options.get(option); if (!result) { @@ -11,8 +13,23 @@ function getOptionValue(option) { return result.value; } +function getAllowUnauthorized() { + const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0'; + + if (allowUnauthorized && warnOnAllowUnauthorized) { + warnOnAllowUnauthorized = false; + process.emitWarning( + 'Setting the NODE_TLS_REJECT_UNAUTHORIZED ' + + 'environment variable to \'0\' makes TLS connections ' + + 'and HTTPS requests insecure by disabling ' + + 'certificate verification.'); + } + return allowUnauthorized; +} + module.exports = { options, aliases, - getOptionValue + getOptionValue, + getAllowUnauthorized, }; |