tls: make rejectUnauthorized default to true · nodejs/node@348cc80
@@ -712,7 +712,10 @@ added: v0.11.8
712712-->
713713714714* `options` {Object}
715-* `rejectUnauthorized` {boolean}
715+* `rejectUnauthorized` {boolean} If not `false`, the server certificate is verified
716+ against the list of supplied CAs. An `'error'` event is emitted if
717+ verification fails; `err.code` contains the OpenSSL error code. Defaults to
718+`true`.
716719* `requestCert`
717720* `callback` {Function} A function that will be called when the renegotiation
718721 request has been completed.
@@ -769,7 +772,7 @@ changes:
769772 connection/disconnection/destruction of `socket` is the user's
770773 responsibility, calling `tls.connect()` will not cause `net.connect()` to be
771774 called.
772-* `rejectUnauthorized` {boolean} If `true`, the server certificate is verified
775+* `rejectUnauthorized` {boolean} If not `false`, the server certificate is verified
773776 against the list of supplied CAs. An `'error'` event is emitted if
774777 verification fails; `err.code` contains the OpenSSL error code. Defaults to
775778`true`.
@@ -1012,9 +1015,9 @@ changes:
10121015* `requestCert` {boolean} If `true` the server will request a certificate from
10131016 clients that connect and attempt to verify that certificate. Defaults to
10141017`false`.
1015-* `rejectUnauthorized` {boolean} If `true` the server will reject any
1018+* `rejectUnauthorized` {boolean} If not `false` the server will reject any
10161019 connection which is not authorized with the list of supplied CAs. This
1017- option only has an effect if `requestCert` is `true`. Defaults to `false`.
1020+ option only has an effect if `requestCert` is `true`. Defaults to `true`.
10181021* `NPNProtocols` {string[]|Buffer} An array of strings or a `Buffer` naming
10191022 possible NPN protocols. (Protocols should be ordered by their priority.)
10201023* `ALPNProtocols` {string[]|Buffer} An array of strings or a `Buffer` naming
@@ -1190,9 +1193,8 @@ changes:
11901193 opened as a server.
11911194* `requestCert` {boolean} `true` to specify whether a server should request a
11921195 certificate from a connecting client. Only applies when `isServer` is `true`.
1193-* `rejectUnauthorized` {boolean} `true` to specify whether a server should
1194- automatically reject clients with invalid certificates. Only applies when
1195-`isServer` is `true`.
1196+* `rejectUnauthorized` {boolean} If not `false` a server automatically reject clients
1197+ with invalid certificates. Only applies when `isServer` is `true`.
11961198* `options`
11971199* `secureContext`: An optional TLS context object from
11981200[`tls.createSecureContext()`][]