tls, https: validate server certificate by default

This commit changes the default value of the rejectUnauthorized option from
false to true.

What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.

There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.

Fixes #3949.

Author: bnoordhuis

doc/api/https.markdown

@@ -119,7 +119,7 @@ The following options from [tls.connect()][] can also be specified. However, a
 - `rejectUnauthorized`: If `true`, the server certificate is verified against
   the list of supplied CAs. An `'error'` event is emitted if verification
   fails. Verification happens at the connection level, *before* the HTTP
-  request is sent. Default `false`.
+  request is sent. Default `true`.
 
 In order to specify these options, use a custom `Agent`.
 

doc/api/tls.markdown

@@ -240,7 +240,7 @@ Creates a new client connection to the given `port` and `host` (old API) or
 
   - `rejectUnauthorized`: If `true`, the server certificate is verified against
     the list of supplied CAs. An `'error'` event is emitted if verification
-    fails. Default: `false`.
+    fails. Default: `true`.
 
   - `NPNProtocols`: An array of string or `Buffer` containing supported NPN
     protocols. `Buffer` should have following format: `0x05hello0x05world`,

lib/https.js

@@ -21,6 +21,7 @@
 
 var tls = require('tls');
 var http = require('http');
+var util = require('util');
 var url = require('url');
 var inherits = require('util').inherits;
 
@@ -97,11 +98,25 @@ exports.request = function(options, cb) {
     throw new Error('Protocol:' + options.protocol + ' not supported.');
   }
 
-  if (options.agent === undefined) {
-    options.agent = globalAgent;
+  options = util._extend({
+    createConnection: createConnection,
+    defaultPort: 443
+  }, options);
+
+  if (typeof options.agent === 'undefined') {
+    if (typeof options.ca === 'undefined' &&
+        typeof options.cert === 'undefined' &&
+        typeof options.ciphers === 'undefined' &&
+        typeof options.key === 'undefined' &&
+        typeof options.passphrase === 'undefined' &&
+        typeof options.pfx === 'undefined' &&
+        typeof options.rejectUnauthorized === 'undefined') {
+      options.agent = globalAgent;
+    } else {
+      options.agent = new Agent(options);
+    }
   }
-  options.createConnection = createConnection;
-  options.defaultPort = options.defaultPort || 443;
+
   return new http.ClientRequest(options, cb);
 };
 

lib/tls.js

@@ -1272,6 +1272,11 @@ exports.connect = function(/* [port, host], options, cb */) {
   var options = args[0];
   var cb = args[1];
 
+  var defaults = {
+    rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED
+  };
+  options = util._extend(defaults, options || {});
+
   var socket = options.socket ? options.socket : new net.Stream();
 
   var sslcontext = crypto.createCredentials(options);

test/fixtures/GH-892-request.js

@@ -19,7 +19,10 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-// Called by test/simple/test-regress-GH-892.js
+// Called by test/pummel/test-regress-GH-892.js
+
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 
 var https = require('https');
 var fs = require('fs');

test/pummel/test-https-large-response.js

@@ -19,8 +19,8 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-
-
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 
 var common = require('../common');
 var assert = require('assert');

test/pummel/test-tls-throttle.js

@@ -19,11 +19,12 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-
-
-
 // Server sends a large string. Client counts bytes and pauses every few
 // seconds. Makes sure that pause and resume work properly.
+
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');

test/simple/test-http-host-headers.js

@@ -19,8 +19,8 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-
-
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
 
 var http = require('http'),
     https = require('https'),

test/simple/test-http-url.parse-https.request.js

@@ -19,6 +19,9 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var https = require('https');

test/simple/test-https-agent.js

@@ -27,6 +27,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var https = require('https');

test/simple/test-https-client-get-url.js

@@ -24,6 +24,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var https = require('https');

test/simple/test-https-client-reject.js

@@ -47,21 +47,21 @@ var server = https.createServer(options, function(req, res) {
 
 function unauthorized() {
   var req = https.request({
-    port: common.PORT
+    port: common.PORT,
+    rejectUnauthorized: false
   }, function(res) {
     assert(!req.socket.authorized);
     rejectUnauthorized();
   });
   req.on('error', function(err) {
-    assert(false);
+    throw err;
   });
   req.end();
 }
 
 function rejectUnauthorized() {
   var options = {
-    port: common.PORT,
-    rejectUnauthorized: true
+    port: common.PORT
   };
   options.agent = new https.Agent(options);
   var req = https.request(options, function(res) {
@@ -76,7 +76,6 @@ function rejectUnauthorized() {
 function authorized() {
   var options = {
     port: common.PORT,
-    rejectUnauthorized: true,
     ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))]
   };
   options.agent = new https.Agent(options);

test/simple/test-https-drain.js

@@ -24,6 +24,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var https = require('https');

test/simple/test-https-eof-for-eom.js

@@ -34,6 +34,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');

test/simple/test-https-localaddress.js

@@ -19,6 +19,9 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var https = require('https'),
     fs = require('fs'),

test/simple/test-https-pfx.js

@@ -19,6 +19,9 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var https = require('https');

test/simple/test-https-socket-options.js

@@ -27,6 +27,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 

test/simple/test-https-strict.js

@@ -24,6 +24,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 

test/simple/test-https-timeout.js

@@ -24,6 +24,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var fs = require('fs');

test/simple/test-regress-GH-1531.js

@@ -27,6 +27,9 @@ if (!process.versions.openssl) {
 var https = require('https');
 var assert = require('assert');
 var fs = require('fs');
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 
 var options = {

test/simple/test-tls-client-reject.js

@@ -48,7 +48,10 @@ var server = tls.createServer(options, function(socket) {
 });
 
 function unauthorized() {
-  var socket = tls.connect(common.PORT, function() {
+  var socket = tls.connect({
+    port: common.PORT,
+    rejectUnauthorized: false
+  }, function() {
     assert(!socket.authorized);
     socket.end();
     rejectUnauthorized();
@@ -60,9 +63,7 @@ function unauthorized() {
 }
 
 function rejectUnauthorized() {
-  var socket = tls.connect(common.PORT, {
-    rejectUnauthorized: true
-  }, function() {
+  var socket = tls.connect(common.PORT, function() {
     assert(false);
   });
   socket.on('error', function(err) {
@@ -74,7 +75,6 @@ function rejectUnauthorized() {
 
 function authorized() {
   var socket = tls.connect(common.PORT, {
-    rejectUnauthorized: true,
     ca: [fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))]
   }, function() {
     assert(socket.authorized);

test/simple/test-tls-client-resume.js

@@ -28,6 +28,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');

test/simple/test-tls-client-verify.js

@@ -59,6 +59,9 @@ var testCases =
     ];
 
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var fs = require('fs');

test/simple/test-tls-connect-given-socket.js

@@ -19,6 +19,9 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');

test/simple/test-tls-connect-simple.js

@@ -19,6 +19,9 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');

test/simple/test-tls-getcipher.js

@@ -19,6 +19,9 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');

test/simple/test-tls-honorcipherorder.js

@@ -19,6 +19,9 @@
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');

test/simple/test-tls-npn-server-client.js

@@ -25,6 +25,9 @@ if (!process.features.tls_npn) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common'),
     assert = require('assert'),
     fs = require('fs'),

test/simple/test-tls-over-http-tunnel.js

@@ -27,6 +27,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 

test/simple/test-tls-passphrase.js

@@ -24,6 +24,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');

test/simple/test-tls-pause-close.js

@@ -24,6 +24,9 @@ if (!process.versions.openssl) {
   process.exit(0);
 }
 
+// disable strict server certificate validation by the client
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+
 var common = require('../common');
 var assert = require('assert');
 var tls = require('tls');