diff --git a/doc/api/https.markdown b/doc/api/https.markdown index e2c9862a09..943395a556 100644 --- a/doc/api/https.markdown +++ b/doc/api/https.markdown @@ -119,7 +119,7 @@ The following options from [tls.connect()][] can also be specified. However, a - `rejectUnauthorized`: If `true`, the server certificate is verified against the list of supplied CAs. An `'error'` event is emitted if verification fails. Verification happens at the connection level, *before* the HTTP - request is sent. Default `false`. + request is sent. Default `true`. In order to specify these options, use a custom `Agent`. diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 44a70c0c96..4d8b7f1dae 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -240,7 +240,7 @@ Creates a new client connection to the given `port` and `host` (old API) or - `rejectUnauthorized`: If `true`, the server certificate is verified against the list of supplied CAs. An `'error'` event is emitted if verification - fails. Default: `false`. + fails. Default: `true`. - `NPNProtocols`: An array of string or `Buffer` containing supported NPN protocols. `Buffer` should have following format: `0x05hello0x05world`, diff --git a/lib/https.js b/lib/https.js index a243b2bc2e..bc4e8eeea0 100644 --- a/lib/https.js +++ b/lib/https.js @@ -21,6 +21,7 @@ var tls = require('tls'); var http = require('http'); +var util = require('util'); var url = require('url'); var inherits = require('util').inherits; 
@@ -97,11 +98,25 @@ exports.request = function(options, cb) { throw new Error('Protocol:' + options.protocol + ' not supported.'); } - if (options.agent === undefined) { - options.agent = globalAgent; + options = util._extend({ + createConnection: createConnection, + defaultPort: 443 + }, options); + + if (typeof options.agent === 'undefined') { + if (typeof options.ca === 'undefined' && + typeof options.cert === 'undefined' && + typeof options.ciphers === 'undefined' && + typeof options.key === 'undefined' && + typeof options.passphrase === 'undefined' && + typeof options.pfx === 'undefined' && + typeof options.rejectUnauthorized === 'undefined') { + options.agent = globalAgent; + } else { + options.agent = new Agent(options); + } } - options.createConnection = createConnection; - options.defaultPort = options.defaultPort || 443; + return new http.ClientRequest(options, cb); }; diff --git a/lib/tls.js b/lib/tls.js index 43411c0fc3..dc32787825 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -1272,6 +1272,11 @@ exports.connect = function(/* [port, host], options, cb */) { var options = args[0]; var cb = args[1]; + var defaults = { + rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED + }; + options = util._extend(defaults, options || {}); + var socket = options.socket ? options.socket : new net.Stream(); var sslcontext = crypto.createCredentials(options); diff --git a/test/fixtures/GH-892-request.js b/test/fixtures/GH-892-request.js index a43398e984..db8186bfc0 100644 --- a/test/fixtures/GH-892-request.js +++ b/test/fixtures/GH-892-request.js @@ -19,7 +19,10 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. -// Called by test/simple/test-regress-GH-892.js +// Called by test/pummel/test-regress-GH-892.js + +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var https = require('https'); var fs = require('fs'); 
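Review bot: In `exports.request` (lib/https.js), `util._extend({ createConnection: createConnection, defaultPort: 443 }, options)` gives the caller's keys precedence, so a caller-supplied `createConnection` now replaces the TLS one and an explicit `defaultPort: undefined` erases 443, whereas the removed lines always forced both. If only the copy-instead-of-mutate behaviour is wanted, copy first and then assign as before: `options = util._extend({}, options);` followed by `options.createConnection = createConnection;` and `options.defaultPort = options.defaultPort || 443;`. Separately, the `else` branch builds a `new Agent(options)` for every request that carries any TLS option, so those requests presumably share no pooled sockets with each other; a comment saying this is deliberate (a verified and an unverified connection must not share a pool) would help. The function starts above the hunk.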
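Review bot: The merge `util._extend(defaults, options || {})` in `exports.connect` (lib/tls.js) lets a key that is present but `undefined` overwrite the new default, since `util._extend` copies own keys regardless of value; a wrapper that forwards `rejectUnauthorized: opts.rejectUnauthorized` would end up with a falsy value and, presumably, no certificate rejection. Applying the default only when the value is missing avoids that: `if (typeof options.rejectUnauthorized === 'undefined') options.rejectUnauthorized = '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED;`. The `NODE_TLS_REJECT_UNAUTHORIZED` override switches verification off for every client connection in the process that does not set the option itself, yet the doc/api hunks of this commit do not mention it. It deserves a line in tls.markdown and a comment here noting that it is read on each `connect()` call. The function body continues outside the hunk.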
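Review bot: Setting `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'` at the top of test/fixtures/GH-892-request.js turns certificate verification off for every client connection the process makes, so nothing in this file exercises the new `true` default. The same two lines are added to most of the test-https-*.js and test-tls-*.js files in this commit, as well as test-http-host-headers.js, test-http-url.parse-https.request.js, test-regress-GH-1531.js and the two other pummel tests. A narrower opt-out keeps the default under test: pass `rejectUnauthorized: false` on the one connection that needs it, or supply the fixture certificate through `ca` as `authorized()` in test-https-client-reject.js does. Going by their names, test-https-strict.js and test-tls-client-verify.js are where a process-wide switch is most likely to hide a verification regression. If the variable stays, the comment could give the reason, e.g. `// test server cert is not in the default CA list; verification is not what this test covers`.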
diff --git a/test/pummel/test-https-large-response.js b/test/pummel/test-https-large-response.js index e5382c45db..23a836081c 100644 --- a/test/pummel/test-https-large-response.js +++ b/test/pummel/test-https-large-response.js @@ -19,8 +19,8 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var common = require('../common'); var assert = require('assert'); diff --git a/test/pummel/test-tls-throttle.js b/test/pummel/test-tls-throttle.js index fcbc8c74bd..cfe7d737f9 100644 --- a/test/pummel/test-tls-throttle.js +++ b/test/pummel/test-tls-throttle.js @@ -19,11 +19,12 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - - // Server sends a large string. Client counts bytes and pauses every few // seconds. Makes sure that pause and resume work properly. + +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-http-host-headers.js b/test/simple/test-http-host-headers.js index 2e92ae577d..a0c4abf6c6 100644 --- a/test/simple/test-http-host-headers.js +++ b/test/simple/test-http-host-headers.js @@ -19,8 +19,8 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var http = require('http'), https = require('https'), diff --git a/test/simple/test-http-url.parse-https.request.js b/test/simple/test-http-url.parse-https.request.js index 6756db5487..9e42cbdd46 100644 --- a/test/simple/test-http-url.parse-https.request.js 
+++ b/test/simple/test-http-url.parse-https.request.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-agent.js b/test/simple/test-https-agent.js index 41aa034862..ded7f4dd4b 100644 --- a/test/simple/test-https-agent.js +++ b/test/simple/test-https-agent.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-client-get-url.js b/test/simple/test-https-client-get-url.js index c6ddb032d0..ae5613c143 100644 --- a/test/simple/test-https-client-get-url.js +++ b/test/simple/test-https-client-get-url.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-client-reject.js b/test/simple/test-https-client-reject.js index 700caee68a..45788a8c89 100644 --- a/test/simple/test-https-client-reject.js +++ b/test/simple/test-https-client-reject.js 
@@ -47,21 +47,21 @@ var server = https.createServer(options, function(req, res) { function unauthorized() { var req = https.request({ - port: common.PORT + port: common.PORT, + rejectUnauthorized: false }, function(res) { assert(!req.socket.authorized); rejectUnauthorized(); }); req.on('error', function(err) { - assert(false); + throw err; }); req.end(); } function rejectUnauthorized() { var options = { - port: common.PORT, - rejectUnauthorized: true + port: common.PORT }; options.agent = new https.Agent(options); var req = https.request(options, function(res) { @@ -76,7 +76,6 @@ function rejectUnauthorized() { function authorized() { var options = { port: common.PORT, - rejectUnauthorized: true, ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))] }; options.agent = new https.Agent(options); diff --git a/test/simple/test-https-drain.js b/test/simple/test-https-drain.js index 314944b768..04a6bb2be1 100644 --- a/test/simple/test-https-drain.js +++ b/test/simple/test-https-drain.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-eof-for-eom.js b/test/simple/test-https-eof-for-eom.js index d5b5111c2b..c855299918 100644 --- a/test/simple/test-https-eof-for-eom.js +++ b/test/simple/test-https-eof-for-eom.js @@ -34,6 +34,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-https-localaddress.js b/test/simple/test-https-localaddress.js index b171225be7..26386c44cc 100644 --- a/test/simple/test-https-localaddress.js 
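Review bot: With `rejectUnauthorized: true` removed from `rejectUnauthorized()` and `authorized()` in test-https-client-reject.js, both cases now depend on the process default, which lib/tls.js in this commit derives from `NODE_TLS_REJECT_UNAUTHORIZED`. Run with that variable set to `0` in the environment, the rejection case would presumably no longer see the error it expects. Clearing it before the requires makes the test self-contained: `delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;`. The same applies to the matching hunks in test/simple/test-tls-client-reject.js. Keeping one explicit `rejectUnauthorized: true` case alongside the default one would also show that the option still works when set by hand.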
+++ b/test/simple/test-https-localaddress.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var https = require('https'), fs = require('fs'), diff --git a/test/simple/test-https-pfx.js b/test/simple/test-https-pfx.js index bfed64afd6..3d84aa5fed 100644 --- a/test/simple/test-https-pfx.js +++ b/test/simple/test-https-pfx.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-socket-options.js b/test/simple/test-https-socket-options.js index f0216647ba..8aa1da8fc5 100644 --- a/test/simple/test-https-socket-options.js +++ b/test/simple/test-https-socket-options.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-https-strict.js b/test/simple/test-https-strict.js index e62c0d51a7..43febc8e13 100644 --- a/test/simple/test-https-strict.js +++ b/test/simple/test-https-strict.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-https-timeout.js b/test/simple/test-https-timeout.js index 8a8ae00c3c..fc32fb9ebf 100644 --- a/test/simple/test-https-timeout.js 
+++ b/test/simple/test-https-timeout.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var fs = require('fs'); diff --git a/test/simple/test-regress-GH-1531.js b/test/simple/test-regress-GH-1531.js index 58086e0879..8d5f8b826b 100644 --- a/test/simple/test-regress-GH-1531.js +++ b/test/simple/test-regress-GH-1531.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { var https = require('https'); var assert = require('assert'); var fs = require('fs'); +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var options = { diff --git a/test/simple/test-tls-client-reject.js b/test/simple/test-tls-client-reject.js index 5f5056e33e..410096fc15 100644 --- a/test/simple/test-tls-client-reject.js +++ b/test/simple/test-tls-client-reject.js @@ -48,7 +48,10 @@ var server = tls.createServer(options, function(socket) { }); function unauthorized() { - var socket = tls.connect(common.PORT, function() { + var socket = tls.connect({ + port: common.PORT, + rejectUnauthorized: false + }, function() { assert(!socket.authorized); socket.end(); rejectUnauthorized(); @@ -60,9 +63,7 @@ function unauthorized() { } function rejectUnauthorized() { - var socket = tls.connect(common.PORT, { - rejectUnauthorized: true - }, function() { + var socket = tls.connect(common.PORT, function() { assert(false); }); socket.on('error', function(err) { @@ -74,7 +75,6 @@ function rejectUnauthorized() { function authorized() { var socket = tls.connect(common.PORT, { - rejectUnauthorized: true, ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))] }, function() { assert(socket.authorized); 
diff --git a/test/simple/test-tls-client-resume.js b/test/simple/test-tls-client-resume.js index 9fc84da3e1..5af6c7935b 100644 --- a/test/simple/test-tls-client-resume.js +++ b/test/simple/test-tls-client-resume.js @@ -28,6 +28,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-client-verify.js b/test/simple/test-tls-client-verify.js index 9b1083f064..f071e3407c 100644 --- a/test/simple/test-tls-client-verify.js +++ b/test/simple/test-tls-client-verify.js @@ -59,6 +59,9 @@ var testCases = ]; +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var fs = require('fs'); diff --git a/test/simple/test-tls-connect-given-socket.js b/test/simple/test-tls-connect-given-socket.js index e341dfc82d..262966b56a 100644 --- a/test/simple/test-tls-connect-given-socket.js +++ b/test/simple/test-tls-connect-given-socket.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-connect-simple.js b/test/simple/test-tls-connect-simple.js index 6c07f4cb02..b1c68a4a89 100644 --- a/test/simple/test-tls-connect-simple.js +++ b/test/simple/test-tls-connect-simple.js 
@@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-getcipher.js b/test/simple/test-tls-getcipher.js index 2f8c290b73..d101ad8441 100644 --- a/test/simple/test-tls-getcipher.js +++ b/test/simple/test-tls-getcipher.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-honorcipherorder.js b/test/simple/test-tls-honorcipherorder.js index cc2584390a..fbbfb64a13 100644 --- a/test/simple/test-tls-honorcipherorder.js +++ b/test/simple/test-tls-honorcipherorder.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-npn-server-client.js b/test/simple/test-tls-npn-server-client.js index cf8014a50b..09c5c4b131 100644 --- a/test/simple/test-tls-npn-server-client.js +++ b/test/simple/test-tls-npn-server-client.js @@ -25,6 +25,9 @@ if (!process.features.tls_npn) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'), assert = require('assert'), fs = require('fs'), 
diff --git a/test/simple/test-tls-over-http-tunnel.js b/test/simple/test-tls-over-http-tunnel.js index 4a5e22140d..2cae29d42e 100644 --- a/test/simple/test-tls-over-http-tunnel.js +++ b/test/simple/test-tls-over-http-tunnel.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-tls-passphrase.js b/test/simple/test-tls-passphrase.js index e3c0f2a849..983af863a0 100644 --- a/test/simple/test-tls-passphrase.js +++ b/test/simple/test-tls-passphrase.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-pause-close.js b/test/simple/test-tls-pause-close.js index a53d017a13..26e267d86a 100644 --- a/test/simple/test-tls-pause-close.js +++ b/test/simple/test-tls-pause-close.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-pause.js b/test/simple/test-tls-pause.js index 9ca3dfb2bd..11cfb3a4fa 100644 --- a/test/simple/test-tls-pause.js +++ b/test/simple/test-tls-pause.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); 
diff --git a/test/simple/test-tls-peer-certificate-multi-keys.js b/test/simple/test-tls-peer-certificate-multi-keys.js index 070b528762..e967b49556 100644 --- a/test/simple/test-tls-peer-certificate-multi-keys.js +++ b/test/simple/test-tls-peer-certificate-multi-keys.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-peer-certificate.js b/test/simple/test-tls-peer-certificate.js index ea3245a562..abe1291389 100644 --- a/test/simple/test-tls-peer-certificate.js +++ b/test/simple/test-tls-peer-certificate.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-remote.js b/test/simple/test-tls-remote.js index 9aa51ab416..3753ab7460 100644 --- a/test/simple/test-tls-remote.js +++ b/test/simple/test-tls-remote.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-request-timeout.js b/test/simple/test-tls-request-timeout.js index c44ecef3fa..d9fd5e72ed 100644 --- a/test/simple/test-tls-request-timeout.js +++ b/test/simple/test-tls-request-timeout.js 
@@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-set-encoding.js b/test/simple/test-tls-set-encoding.js index 8850a677e0..a404a36108 100644 --- a/test/simple/test-tls-set-encoding.js +++ b/test/simple/test-tls-set-encoding.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-sni-server-client.js b/test/simple/test-tls-sni-server-client.js index 093d0fd115..2af06be265 100644 --- a/test/simple/test-tls-sni-server-client.js +++ b/test/simple/test-tls-sni-server-client.js @@ -28,6 +28,9 @@ if (!process.features.tls_sni) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'), assert = require('assert'), fs = require('fs'),