feat: add checkServerIdentity override

sidorares · Nov 22, 2023 · 2c93d41 · 2c93d41
1 parent ee43891
commit 2c93d41
Showing 1 changed file with 5 additions and 13 deletions.
diff --git a/lib/connection.js b/lib/connection.js
@@ -353,8 +353,9 @@ class Connection extends EventEmitter {
       minVersion: this.config.ssl.minVersion,
       maxVersion: this.config.ssl.maxVersion
     });
-    const rejectUnauthorized = this.config.ssl.rejectUnauthorized;
-    const verifyIdentity = this.config.ssl.verifyIdentity;
+    const rejectUnauthorized = this.config.ssl.rejectUnauthorized === undefined ? true : this.config.ssl.rejectUnauthorized;
+    const verifyIdentity = this.config.ssl.verifyIdentity === undefined ? true : this.config.ssl.verifyIdentity;
+    const checkServerIdentity = (verifyIdentity && rejectUnauthorized) ? (this.config.ssl.checkServerIdentity || Tls.checkServerIdentity) : () => null;
     const servername = this.config.host;
 
     let secureEstablished = false;
@@ -365,19 +366,10 @@ class Connection extends EventEmitter {
       secureContext,
       isServer: false,
       socket: this.stream,
-      servername
+      servername,
+      checkServerIdentity
     }, () => {
       secureEstablished = true;
-      if (rejectUnauthorized) {
-        if (typeof servername === 'string' && verifyIdentity) {
-          const cert = secureSocket.getPeerCertificate(true);
-          const serverIdentityCheckError = Tls.checkServerIdentity(servername, cert);
-          if (serverIdentityCheckError) {
-            onSecure(serverIdentityCheckError);
-            return;
-          }
-        }
-      }
       onSecure();
     });
     // error handler for secure socket