From becbe9e246fc2d228c7fb32f5bcc41b5aa97819d Mon Sep 17 00:00:00 2001
From: James M Snell <jasnell@gmail.com>
Date: Sat, 18 Apr 2020 11:25:04 -0700
Subject: [PATCH] tls: move getAllowUnauthorized to internal/options

Make it so that the allow unauthorized warning can be easily reused
by the QUIC impl once that lands.

Extracted from https://github.com/nodejs/node/pull/32379

Signed-off-by: James M Snell <jasnell@gmail.com>

PR-URL: https://github.com/nodejs/node/pull/32917
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
---
 lib/_tls_wrap.js        | 17 +++++------------
 lib/internal/options.js | 19 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index cc1e08ecc15a22..2370e5e66d3991 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -69,7 +69,10 @@ const {
   ERR_TLS_INVALID_STATE
 } = codes;
 const { onpskexchange: kOnPskExchange } = internalBinding('symbols');
-const { getOptionValue } = require('internal/options');
+const {
+  getOptionValue,
+  getAllowUnauthorized,
+} = require('internal/options');
 const {
   validateString,
   validateBuffer,
@@ -1539,22 +1542,12 @@ function onConnectEnd() {
   }
 }
 
-let warnOnAllowUnauthorized = true;
-
 // Arguments: [port,] [host,] [options,] [cb]
 exports.connect = function connect(...args) {
   args = normalizeConnectArgs(args);
   let options = args[0];
   const cb = args[1];
-  const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
-
-  if (allowUnauthorized && warnOnAllowUnauthorized) {
-    warnOnAllowUnauthorized = false;
-    process.emitWarning('Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
-                        'environment variable to \'0\' makes TLS connections ' +
-                        'and HTTPS requests insecure by disabling ' +
-                        'certificate verification.');
-  }
+  const allowUnauthorized = getAllowUnauthorized();
 
   options = {
     rejectUnauthorized: !allowUnauthorized,
diff --git a/lib/internal/options.js b/lib/internal/options.js
index e494787b96c088..03586f9dae6d76 100644
--- a/lib/internal/options.js
+++ b/lib/internal/options.js
@@ -3,6 +3,8 @@
 const { getOptions } = internalBinding('options');
 const { options, aliases } = getOptions();
 
+let warnOnAllowUnauthorized = true;
+
 function getOptionValue(option) {
   const result = options.get(option);
   if (!result) {
@@ -11,8 +13,23 @@ function getOptionValue(option) {
   return result.value;
 }
 
+function getAllowUnauthorized() {
+  const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
+
+  if (allowUnauthorized && warnOnAllowUnauthorized) {
+    warnOnAllowUnauthorized = false;
+    process.emitWarning(
+      'Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
+      'environment variable to \'0\' makes TLS connections ' +
+      'and HTTPS requests insecure by disabling ' +
+      'certificate verification.');
+  }
+  return allowUnauthorized;
+}
+
 module.exports = {
   options,
   aliases,
-  getOptionValue
+  getOptionValue,
+  getAllowUnauthorized,
 };