tls, https: validate server certificate by default

This commit changes the default value of the rejectUnauthorized option from false to true. What that means is that tls.connect(), https.get() and https.request() will reject invalid server certificates from now on, including self-signed certificates. There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED environment variable to the literal string "0", node.js reverts to its old behavior. Fixes #3949.
author: Ben Noordhuis <info@bnoordhuis.nl> 2012-08-30 15:14:37 +0200
committer: Ben Noordhuis <info@bnoordhuis.nl> 2012-09-15 00:19:06 +0200
commit: 35607f3a2dda03af8cf2dd3704c0c915e28aa774 (patch)
tree: 95a92b0aff7a248a9879054c29e4ba6a0acb8836 /test/fixtures
parent: 4c171a504d2357185efab21e81b33e2dee1ab1da (diff)
download: node-new-35607f3a2dda03af8cf2dd3704c0c915e28aa774.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/test/fixtures/GH-892-request.js b/test/fixtures/GH-892-request.js
index a43398e984..db8186bfc0 100644
--- a/test/fixtures/GH-892-request.js
+++ b/test/fixtures/GH-892-request.js
@@ -19,7 +19,10 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-// Called by test/simple/test-regress-GH-892.js
+// Called by test/pummel/test-regress-GH-892.js
+
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 
 var https = require('https');
 var fs = require('fs');
author	Ben Noordhuis <info@bnoordhuis.nl>	2012-08-30 15:14:37 +0200
committer	Ben Noordhuis <info@bnoordhuis.nl>	2012-09-15 00:19:06 +0200
commit	35607f3a2dda03af8cf2dd3704c0c915e28aa774 (patch)
tree	95a92b0aff7a248a9879054c29e4ba6a0acb8836 /test/fixtures
parent	4c171a504d2357185efab21e81b33e2dee1ab1da (diff)
download	node-new-35607f3a2dda03af8cf2dd3704c0c915e28aa774.tar.gz