author | Trevor Livingston <trlivingston@paypal.com> | 2014-09-05 09:56:55 -0500 |
---|---|---|
committer | Fedor Indutny <fedor@indutny.com> | 2014-09-09 17:15:50 +0100 |
commit | bf5e2f246eff55dfc33318f0ffb4572a56f7645a (patch) | |
tree | 5ce9e5c929e4e2f1b698101596c74e7b90a30666 /lib | |
parent | 06526a2a93794a973b01514ce43fcd40b911e143 (diff) | |
tls: `checkServerIdentity` option
Allow overriding the `checkServerIdentity` function when connecting to a
TLS server.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/_tls_wrap.js | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 90adefa00..4ec92801b 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -822,10 +822,14 @@ exports.connect = function(/* [port, host], options, cb */) { var defaults = { rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED, - ciphers: tls.DEFAULT_CIPHERS + ciphers: tls.DEFAULT_CIPHERS, + checkServerIdentity: tls.checkServerIdentity }; + options = util._extend(defaults, options || {}); + assert(typeof options.checkServerIdentity === 'function'); + var hostname = options.servername || options.host || options.socket && options.socket._host, @@ -912,7 +916,7 @@ exports.connect = function(/* [port, host], options, cb */) { // Verify that server's identity matches it's certificate's names if (!verifyError) { var cert = result.getPeerCertificate(); - verifyError = tls.checkServerIdentity(hostname, cert); + verifyError = options.checkServerIdentity(hostname, cert); } if (verifyError) { |
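Review bot: The new `assert(typeof options.checkServerIdentity === 'function')` in the first hunk turns a caller mistake into an AssertionError thrown from `exports.connect`, and it is reachable with `{ checkServerIdentity: undefined }`, because `util._extend` copies a key even when its value is undefined and so overwrites the default set just above. Treating a nullish value as "use the default" keeps the strict hostname check in place, and any other non-function deserves a descriptive error: `if (options.checkServerIdentity == null) options.checkServerIdentity = tls.checkServerIdentity;` followed by `if (typeof options.checkServerIdentity !== 'function') throw new TypeError('checkServerIdentity must be a function');`. The body of `exports.connect` starts and ends outside this hunk.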
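Review bot: In the second hunk, whatever the caller-supplied function returns becomes `verifyError`, so a callback that returns nothing (an empty function, or one that forgets to return its Error) accepts every certificate name while `rejectUnauthorized` still reads as enabled. The contract should be stated at the call site, for example `// checkServerIdentity must return an Error on mismatch and undefined on success; any falsy return accepts the peer`. The option's documentation is not visible here, since the diffstat is limited to lib/, but it should recommend calling `tls.checkServerIdentity` from inside a custom function and adding checks on top rather than replacing it. An exception thrown by the callback would presumably escape this handler instead of surfacing as a connection error, which cannot be confirmed because the handler extends outside the hunk.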