archive-gh-me/node-postgres
1
0
Fork 0
mirror of https://github.com/brianc/node-postgres.git synced 2025-12-08 20:16:25 +00:00
Code Issues Projects Releases Wiki Activity

Deprecate implicit TLS rejectUnauthorized: false (#2075)

Browse Source 
Yes, it treats `undefined` as `false`. Discussion in #2009. Introduced unintentionally in pg 0.8.7.
This commit is contained in:
Charmander 2020-01-15 12:59:26 -08:00 committed by Brian C
parent d456f1cda0
commit ee8d32f97c
3 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/pg/lib/compat/warn-deprecation.js
View File

@ -5,7 +5,7 @@ const util = require('util')
const dummyFunctions = new Map()
// Node 4 doesnt support process.emitWarning(message, 'DeprecationWarning', code).
const emitDeprecationWarning = (message, code) => {
const warnDeprecation = (message, code) => {
let dummy = dummyFunctions.get(code)
if (dummy === undefined) {
@ -16,4 +16,4 @@ const emitDeprecationWarning = (message, code) => {
dummy()
}
module.exports = emitDeprecationWarning
module.exports = warnDeprecation

5
packages/pg/lib/connection-fast.js
View File

@ -15,6 +15,8 @@ var Writer = require('buffer-writer')
// eslint-disable-next-line
var PacketStream = require('pg-packet-stream')
var warnDeprecation = require('./compat/warn-deprecation')
var TEXT_MODE = 0
// TODO(bmc) support binary mode here
@ -105,6 +107,9 @@ Connection.prototype.connect = function (port, host) {
secureOptions: self.ssl.secureOptions,
NPNProtocols: self.ssl.NPNProtocols
}
if (typeof self.ssl.rejectUnauthorized !== 'boolean') {
warnDeprecation('Implicit disabling of certificate verification is deprecated and will be removed in pg 8. Specify `rejectUnauthorized: true` to require a valid CA or `rejectUnauthorized: false` to explicitly opt out of MITM protection.', 'PG-SSL-VERIFY')
}
if (net.isIP(host) === 0) {
options.servername = host
}

5
packages/pg/lib/connection.js
View File

@ -14,6 +14,8 @@ var util = require('util')
var Writer = require('buffer-writer')
var Reader = require('packet-reader')
var warnDeprecation = require('./compat/warn-deprecation')
var TEXT_MODE = 0
var BINARY_MODE = 1
var Connection = function (config) {
@ -103,6 +105,9 @@ Connection.prototype.connect = function (port, host) {
secureOptions: self.ssl.secureOptions,
NPNProtocols: self.ssl.NPNProtocols
}
if (typeof self.ssl.rejectUnauthorized !== 'boolean') {
warnDeprecation('Implicit disabling of certificate verification is deprecated and will be removed in pg 8. Specify `rejectUnauthorized: true` to require a valid CA or `rejectUnauthorized: false` to explicitly opt out of MITM protection.', 'PG-SSL-VERIFY')
}
if (net.isIP(host) === 0) {
options.servername = host
}