diff options
Diffstat (limited to 'lib/_tls_wrap.js')
-rw-r--r-- | lib/_tls_wrap.js | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 1982261b80..9ab6a198ff 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -1516,7 +1516,15 @@ function onConnectSecure() { this.authorized = false; this.authorizationError = verifyError.code || verifyError.message; - if (options.rejectUnauthorized) { + // rejectUnauthorized property can be explicitly defined as `undefined` + // causing the assignment to default value (`true`) fail. Before assigning + // it to the tlssock connection options, explicitly check if it is false + // and update rejectUnauthorized property. The property gets used by + // TLSSocket connection handler to allow or reject connection if + // unauthorized. + // This check is potentially redundant, however it is better to keep it + // in case the option object gets modified somewhere. + if (options.rejectUnauthorized !== false) { this.destroy(verifyError); return; } @@ -1598,6 +1606,13 @@ exports.connect = function connect(...args) { pskCallback: options.pskCallback, }); + // rejectUnauthorized property can be explicitly defined as `undefined` + // causing the assignment to default value (`true`) fail. Before assigning + // it to the tlssock connection options, explicitly check if it is false + // and update rejectUnauthorized property. The property gets used by TLSSocket + // connection handler to allow or reject connection if unauthorized + options.rejectUnauthorized = options.rejectUnauthorized !== false; + tlssock[kConnectOptions] = options; if (cb) |