tls: make rejectUnauthorized default to true

rejectUnauthorized used to be false when the property was undefined or
null, quietly allowing client connections for which certificates have
been requested (requestCert is true) even when the client certificate
was not authorized (signed by a trusted CA). Change this so
rejectUnauthorized is always true unless it is explicitly set to false.

PR-URL: https://github.com/nodejs/node/pull/5923
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

2 files changed, 4 insertions, 2 deletions

diff --git a/test/parallel/test-https-foafssl.js b/test/parallel/test-https-foafssl.js
index 8b711b81fe..661b196152 100644
--- a/test/parallel/test-https-foafssl.js
+++ b/test/parallel/test-https-foafssl.js
@@ -42,7 +42,8 @@ const https = require('https');
 const options = {
   key: fs.readFileSync(common.fixturesDir + '/agent.key'),
   cert: fs.readFileSync(common.fixturesDir + '/agent.crt'),
-  requestCert: true
+  requestCert: true,
+  rejectUnauthorized: false
 };
 
 const modulus = 'A6F44A9C25791431214F5C87AF9E040177A8BB89AC803F7E09BBC3A5519F' +
diff --git a/test/parallel/test-tls-session-cache.js b/test/parallel/test-tls-session-cache.js
index f555da842b..887c36d4c5 100644
--- a/test/parallel/test-tls-session-cache.js
+++ b/test/parallel/test-tls-session-cache.js
@@ -56,7 +56,8 @@ function doTest(testOptions, callback) {
     key: key,
     cert: cert,
     ca: [cert],
-    requestCert: true
+    requestCert: true,
+    rejectUnauthorized: false
   };
   let requestCount = 0;
   let resumeCount = 0;