tls: deprecate NODE_TLS_REJECT_AUTHORIZED
Fixes #5258 (closed)
Included in this PR
- Deprecates the
NODE_TLS_REJECT_AUTHORIZED
environment variable - Replaces it with
NODE_TLS_INSECURELY_ACCEPT_UNTRUSTED_CERTIFICATES
Also thinking of adding type validation for the rejectUnauthorized
option, so that it must be the boolean false
to disable cert checking, rather than any falsey value, as follows:
// require `false`, not just a "falsey" value, to forego cert validation
assert(typeof options.rejectUnauthorized === 'boolean',
'options.rejectUnauthorized is not boolean: ' +
options.rejectUnauthorized);
Let me know if this is likely to break existing code.
Not included
- The option is still called
rejectUnauthorized
. We could deprecate that as well and replace it withinsecurelyAcceptUntrustedCerts
or similar, but I don't know if it's worth it --- @ChALkeR found that the existing option is used in a lot of npm modules.