From 35607f3a2dda03af8cf2dd3704c0c915e28aa774 Mon Sep 17 00:00:00 2001 
From: Ben Noordhuis Date: Thu, 30 Aug 2012 15:14:37 +0200 Subject: [PATCH] tls, https: validate server certificate by default This commit changes the default value of the rejectUnauthorized option from false to true. What that means is that tls.connect(), https.get() and https.request() will reject invalid server certificates from now on, including self-signed certificates. There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED environment variable to the literal string "0", node.js reverts to its old behavior. Fixes #3949. --- doc/api/https.markdown | 2 +- doc/api/tls.markdown | 2 +- lib/https.js | 23 +++++++++++++++---- lib/tls.js | 5 ++++ test/fixtures/GH-892-request.js | 5 +++- test/pummel/test-https-large-response.js | 4 ++-- test/pummel/test-tls-throttle.js | 7 +++--- test/simple/test-http-host-headers.js | 4 ++-- .../test-http-url.parse-https.request.js | 3 +++ test/simple/test-https-agent.js | 3 +++ test/simple/test-https-client-get-url.js | 3 +++ test/simple/test-https-client-reject.js | 9 ++++---- test/simple/test-https-drain.js | 3 +++ test/simple/test-https-eof-for-eom.js | 3 +++ test/simple/test-https-localaddress.js | 3 +++ test/simple/test-https-pfx.js | 3 +++ test/simple/test-https-socket-options.js | 3 +++ test/simple/test-https-strict.js | 3 +++ test/simple/test-https-timeout.js | 3 +++ test/simple/test-regress-GH-1531.js | 3 +++ test/simple/test-tls-client-reject.js | 10 ++++---- test/simple/test-tls-client-resume.js | 3 +++ test/simple/test-tls-client-verify.js | 3 +++ test/simple/test-tls-connect-given-socket.js | 3 +++ test/simple/test-tls-connect-simple.js | 3 +++ test/simple/test-tls-getcipher.js | 3 +++ test/simple/test-tls-honorcipherorder.js | 3 +++ test/simple/test-tls-npn-server-client.js | 3 +++ test/simple/test-tls-over-http-tunnel.js | 3 +++ test/simple/test-tls-passphrase.js | 3 +++ test/simple/test-tls-pause-close.js | 3 +++ test/simple/test-tls-pause.js | 3 +++ .../test-tls-peer-certificate-multi-keys.js | 3 +++ 
test/simple/test-tls-peer-certificate.js | 3 +++ test/simple/test-tls-remote.js | 3 +++ test/simple/test-tls-request-timeout.js | 3 +++ test/simple/test-tls-set-encoding.js | 3 +++ test/simple/test-tls-sni-server-client.js | 3 +++ 38 files changed, 131 insertions(+), 24 deletions(-) diff --git a/doc/api/https.markdown b/doc/api/https.markdown index e2c9862a090..943395a5569 100644 --- a/doc/api/https.markdown +++ b/doc/api/https.markdown @@ -119,7 +119,7 @@ The following options from [tls.connect()][] can also be specified. However, a - `rejectUnauthorized`: If `true`, the server certificate is verified against the list of supplied CAs. An `'error'` event is emitted if verification fails. Verification happens at the connection level, *before* the HTTP - request is sent. Default `false`. + request is sent. Default `true`. In order to specify these options, use a custom `Agent`. diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 44a70c0c965..4d8b7f1dae7 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -240,7 +240,7 @@ Creates a new client connection to the given `port` and `host` (old API) or - `rejectUnauthorized`: If `true`, the server certificate is verified against the list of supplied CAs. An `'error'` event is emitted if verification - fails. Default: `false`. + fails. Default: `true`. - `NPNProtocols`: An array of string or `Buffer` containing supported NPN protocols. `Buffer` should have following format: `0x05hello0x05world`, diff --git a/lib/https.js b/lib/https.js index a243b2bc2e8..bc4e8eeea0e 100644 --- a/lib/https.js +++ b/lib/https.js @@ -21,6 +21,7 @@ var tls = require('tls'); var http = require('http'); +var util = require('util'); var url = require('url'); var inherits = require('util').inherits; 
@@ -97,11 +98,25 @@ exports.request = function(options, cb) { throw new Error('Protocol:' + options.protocol + ' not supported.'); } - if (options.agent === undefined) { - options.agent = globalAgent; + options = util._extend({ + createConnection: createConnection, + defaultPort: 443 + }, options); + + if (typeof options.agent === 'undefined') { + if (typeof options.ca === 'undefined' && + typeof options.cert === 'undefined' && + typeof options.ciphers === 'undefined' && + typeof options.key === 'undefined' && + typeof options.passphrase === 'undefined' && + typeof options.pfx === 'undefined' && + typeof options.rejectUnauthorized === 'undefined') { + options.agent = globalAgent; + } else { + options.agent = new Agent(options); + } } - options.createConnection = createConnection; - options.defaultPort = options.defaultPort || 443; + return new http.ClientRequest(options, cb); }; diff --git a/lib/tls.js b/lib/tls.js index 43411c0fc3b..dc327878252 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -1272,6 +1272,11 @@ exports.connect = function(/* [port, host], options, cb */) { var options = args[0]; var cb = args[1]; + var defaults = { + rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED + }; + options = util._extend(defaults, options || {}); + var socket = options.socket ? options.socket : new net.Stream(); var sslcontext = crypto.createCredentials(options); diff --git a/test/fixtures/GH-892-request.js b/test/fixtures/GH-892-request.js index a43398e9840..db8186bfc00 100644 --- a/test/fixtures/GH-892-request.js +++ b/test/fixtures/GH-892-request.js @@ -19,7 +19,10 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. -// Called by test/simple/test-regress-GH-892.js +// Called by test/pummel/test-regress-GH-892.js + +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var https = require('https'); var fs = require('fs'); 
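Review bot: In the lib/https.js hunk, the seven-key `typeof … === 'undefined'` chain is a hand-maintained list that decides whether a request shares `globalAgent` or gets its own `new Agent(options)`, and nothing on the new side explains why. A TLS-affecting option that is later added but not listed here would presumably travel through `globalAgent` and could share pooled sockets with requests made under different TLS settings. I would add a comment above the chain such as `// Every option that changes the TLS session must be listed here; anything else shares globalAgent and its pooled sockets.`, and note in it that a request carrying any of these keys gets a fresh Agent, so its sockets are not reused. `exports.request` starts above the hunk, so earlier normalisation of `options` is not visible.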
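Review bot: In the lib/tls.js hunk, `util._extend(defaults, options || {})` lets the caller's own `rejectUnauthorized` key replace the new default even when its value is `undefined`, assuming `_extend` copies every own key regardless of value. A wrapper that forwards `rejectUnauthorized: opts.rejectUnauthorized` without ever setting it would then pass a falsy value and, presumably, get the old non-validating behaviour back without asking for it. Restoring the default after the merge closes that gap: `if (typeof options.rejectUnauthorized === 'undefined') options.rejectUnauthorized = defaults.rejectUnauthorized;`. The rest of `exports.connect` lies outside the hunk, so how the flag is consumed is not visible here.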
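Review bot: The added `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';` in test/fixtures/GH-892-request.js turns certificate validation off for every TLS connection the process makes, so the test no longer exercises the new default; the same line is added in the other test hunks of this patch (test/pummel/* and most test/simple/test-https-* and test-tls-* files). Where a test only needs to accept the fixture's self-signed certificate, a per-connection opt-out keeps the scope to one call, as the test-https-client-reject.js and test-tls-client-reject.js hunks already do with `rejectUnauthorized: false` or `ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))]`. If the variable stays, the comment could say why, e.g. `// fixture server uses a self-signed cert; validation is not what this test covers`.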
diff --git a/test/pummel/test-https-large-response.js b/test/pummel/test-https-large-response.js index e5382c45dbc..23a836081c0 100644 --- a/test/pummel/test-https-large-response.js +++ b/test/pummel/test-https-large-response.js @@ -19,8 +19,8 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var common = require('../common'); var assert = require('assert'); diff --git a/test/pummel/test-tls-throttle.js b/test/pummel/test-tls-throttle.js index fcbc8c74bd9..cfe7d737f9d 100644 --- a/test/pummel/test-tls-throttle.js +++ b/test/pummel/test-tls-throttle.js @@ -19,11 +19,12 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - - // Server sends a large string. Client counts bytes and pauses every few // seconds. Makes sure that pause and resume work properly. + +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-http-host-headers.js b/test/simple/test-http-host-headers.js index 2e92ae577d0..a0c4abf6c6d 100644 --- a/test/simple/test-http-host-headers.js +++ b/test/simple/test-http-host-headers.js @@ -19,8 +19,8 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. - - +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; var http = require('http'), https = require('https'), diff --git a/test/simple/test-http-url.parse-https.request.js b/test/simple/test-http-url.parse-https.request.js index 6756db54873..9e42cbdd460 100644 --- a/test/simple/test-http-url.parse-https.request.js 
+++ b/test/simple/test-http-url.parse-https.request.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-agent.js b/test/simple/test-https-agent.js index 41aa034862e..ded7f4dd4ba 100644 --- a/test/simple/test-https-agent.js +++ b/test/simple/test-https-agent.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-client-get-url.js b/test/simple/test-https-client-get-url.js index c6ddb032d0f..ae5613c1434 100644 --- a/test/simple/test-https-client-get-url.js +++ b/test/simple/test-https-client-get-url.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-client-reject.js b/test/simple/test-https-client-reject.js index 700caee68ad..45788a8c891 100644 --- a/test/simple/test-https-client-reject.js +++ b/test/simple/test-https-client-reject.js 
@@ -47,21 +47,21 @@ var server = https.createServer(options, function(req, res) { function unauthorized() { var req = https.request({ - port: common.PORT + port: common.PORT, + rejectUnauthorized: false }, function(res) { assert(!req.socket.authorized); rejectUnauthorized(); }); req.on('error', function(err) { - assert(false); + throw err; }); req.end(); } function rejectUnauthorized() { var options = { - port: common.PORT, - rejectUnauthorized: true + port: common.PORT }; options.agent = new https.Agent(options); var req = https.request(options, function(res) { @@ -76,7 +76,6 @@ function rejectUnauthorized() { function authorized() { var options = { port: common.PORT, - rejectUnauthorized: true, ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))] }; options.agent = new https.Agent(options); diff --git a/test/simple/test-https-drain.js b/test/simple/test-https-drain.js index 314944b768f..04a6bb2be19 100644 --- a/test/simple/test-https-drain.js +++ b/test/simple/test-https-drain.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-eof-for-eom.js b/test/simple/test-https-eof-for-eom.js index d5b5111c2bf..c8552999182 100644 --- a/test/simple/test-https-eof-for-eom.js +++ b/test/simple/test-https-eof-for-eom.js @@ -34,6 +34,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-https-localaddress.js b/test/simple/test-https-localaddress.js index b171225be7a..26386c44cc8 100644 --- a/test/simple/test-https-localaddress.js 
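Review bot: In test/simple/test-https-client-reject.js, `rejectUnauthorized()` and `authorized()` now rely on the default instead of passing `rejectUnauthorized: true`, and the lib/tls.js hunk derives that default from `process.env.NODE_TLS_REJECT_UNAUTHORIZED`. If the suite is run with that variable set to `0` in the ambient environment, the rejection case would stop producing an error and the test would fail for a reason unrelated to the code under test; the test-tls-client-reject.js hunk has the same dependency. Clearing the variable at the top of both files makes them self-contained: `delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;`. The three test functions extend beyond the lines shown in these hunks.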
+++ b/test/simple/test-https-localaddress.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var https = require('https'), fs = require('fs'), diff --git a/test/simple/test-https-pfx.js b/test/simple/test-https-pfx.js index bfed64afd64..3d84aa5fedb 100644 --- a/test/simple/test-https-pfx.js +++ b/test/simple/test-https-pfx.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var https = require('https'); diff --git a/test/simple/test-https-socket-options.js b/test/simple/test-https-socket-options.js index f0216647ba4..8aa1da8fc5c 100644 --- a/test/simple/test-https-socket-options.js +++ b/test/simple/test-https-socket-options.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-https-strict.js b/test/simple/test-https-strict.js index e62c0d51a74..43febc8e13f 100644 --- a/test/simple/test-https-strict.js +++ b/test/simple/test-https-strict.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-https-timeout.js b/test/simple/test-https-timeout.js index 8a8ae00c3ce..fc32fb9ebf1 100644 
--- a/test/simple/test-https-timeout.js +++ b/test/simple/test-https-timeout.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var fs = require('fs'); diff --git a/test/simple/test-regress-GH-1531.js b/test/simple/test-regress-GH-1531.js index 58086e0879c..8d5f8b826b1 100644 --- a/test/simple/test-regress-GH-1531.js +++ b/test/simple/test-regress-GH-1531.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { var https = require('https'); var assert = require('assert'); var fs = require('fs'); +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var options = { diff --git a/test/simple/test-tls-client-reject.js b/test/simple/test-tls-client-reject.js index 5f5056e33e4..410096fc154 100644 --- a/test/simple/test-tls-client-reject.js +++ b/test/simple/test-tls-client-reject.js @@ -48,7 +48,10 @@ var server = tls.createServer(options, function(socket) { }); function unauthorized() { - var socket = tls.connect(common.PORT, function() { + var socket = tls.connect({ + port: common.PORT, + rejectUnauthorized: false + }, function() { assert(!socket.authorized); socket.end(); rejectUnauthorized(); @@ -60,9 +63,7 @@ function unauthorized() { } function rejectUnauthorized() { - var socket = tls.connect(common.PORT, { - rejectUnauthorized: true - }, function() { + var socket = tls.connect(common.PORT, function() { assert(false); }); socket.on('error', function(err) { @@ -74,7 +75,6 @@ function rejectUnauthorized() { function authorized() { var socket = tls.connect(common.PORT, { - rejectUnauthorized: true, ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))] }, function() { assert(socket.authorized); 
diff --git a/test/simple/test-tls-client-resume.js b/test/simple/test-tls-client-resume.js index 9fc84da3e11..5af6c7935be 100644 --- a/test/simple/test-tls-client-resume.js +++ b/test/simple/test-tls-client-resume.js @@ -28,6 +28,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-client-verify.js b/test/simple/test-tls-client-verify.js index 9b1083f064f..f071e3407cd 100644 --- a/test/simple/test-tls-client-verify.js +++ b/test/simple/test-tls-client-verify.js @@ -59,6 +59,9 @@ var testCases = ]; +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var fs = require('fs'); diff --git a/test/simple/test-tls-connect-given-socket.js b/test/simple/test-tls-connect-given-socket.js index e341dfc82d5..262966b56a4 100644 --- a/test/simple/test-tls-connect-given-socket.js +++ b/test/simple/test-tls-connect-given-socket.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-connect-simple.js b/test/simple/test-tls-connect-simple.js index 6c07f4cb023..b1c68a4a89f 100644 --- a/test/simple/test-tls-connect-simple.js +++ b/test/simple/test-tls-connect-simple.js 
@@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-getcipher.js b/test/simple/test-tls-getcipher.js index 2f8c290b73a..d101ad84410 100644 --- a/test/simple/test-tls-getcipher.js +++ b/test/simple/test-tls-getcipher.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-honorcipherorder.js b/test/simple/test-tls-honorcipherorder.js index cc2584390a9..fbbfb64a13f 100644 --- a/test/simple/test-tls-honorcipherorder.js +++ b/test/simple/test-tls-honorcipherorder.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-npn-server-client.js b/test/simple/test-tls-npn-server-client.js index cf8014a50b0..09c5c4b1317 100644 --- a/test/simple/test-tls-npn-server-client.js +++ b/test/simple/test-tls-npn-server-client.js @@ -25,6 +25,9 @@ if (!process.features.tls_npn) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'), assert = require('assert'), fs = require('fs'), 
diff --git a/test/simple/test-tls-over-http-tunnel.js b/test/simple/test-tls-over-http-tunnel.js index 4a5e22140d2..2cae29d42e1 100644 --- a/test/simple/test-tls-over-http-tunnel.js +++ b/test/simple/test-tls-over-http-tunnel.js @@ -27,6 +27,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); diff --git a/test/simple/test-tls-passphrase.js b/test/simple/test-tls-passphrase.js index e3c0f2a849c..983af863a0e 100644 --- a/test/simple/test-tls-passphrase.js +++ b/test/simple/test-tls-passphrase.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-pause-close.js b/test/simple/test-tls-pause-close.js index a53d017a138..26e267d86a1 100644 --- a/test/simple/test-tls-pause-close.js +++ b/test/simple/test-tls-pause-close.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-pause.js b/test/simple/test-tls-pause.js index 9ca3dfb2bd9..11cfb3a4fae 100644 --- a/test/simple/test-tls-pause.js +++ b/test/simple/test-tls-pause.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); 
diff --git a/test/simple/test-tls-peer-certificate-multi-keys.js b/test/simple/test-tls-peer-certificate-multi-keys.js index 070b5287621..e967b495560 100644 --- a/test/simple/test-tls-peer-certificate-multi-keys.js +++ b/test/simple/test-tls-peer-certificate-multi-keys.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-peer-certificate.js b/test/simple/test-tls-peer-certificate.js index ea3245a562f..abe1291389d 100644 --- a/test/simple/test-tls-peer-certificate.js +++ b/test/simple/test-tls-peer-certificate.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-remote.js b/test/simple/test-tls-remote.js index 9aa51ab416f..3753ab7460d 100644 --- a/test/simple/test-tls-remote.js +++ b/test/simple/test-tls-remote.js @@ -24,6 +24,9 @@ if (!process.versions.openssl) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-request-timeout.js b/test/simple/test-tls-request-timeout.js index c44ecef3fa9..d9fd5e72edc 100644 --- a/test/simple/test-tls-request-timeout.js +++ b/test/simple/test-tls-request-timeout.js 
@@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-set-encoding.js b/test/simple/test-tls-set-encoding.js index 8850a677e0c..a404a361086 100644 --- a/test/simple/test-tls-set-encoding.js +++ b/test/simple/test-tls-set-encoding.js @@ -19,6 +19,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'); var assert = require('assert'); var tls = require('tls'); diff --git a/test/simple/test-tls-sni-server-client.js b/test/simple/test-tls-sni-server-client.js index 093d0fd1154..2af06be2657 100644 --- a/test/simple/test-tls-sni-server-client.js +++ b/test/simple/test-tls-sni-server-client.js @@ -28,6 +28,9 @@ if (!process.features.tls_sni) { process.exit(0); } +// disable strict server certificate validation by the client +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + var common = require('../common'), assert = require('assert'), fs = require('fs'),