From 95c9171c59c2291baef3f8b241c92cdd9c9bae75 Mon Sep 17 00:00:00 2001
From: Bruno Oliveira <boliveira@citco.com>
Date: Thu, 19 Sep 2024 19:05:45 +0000
Subject: [PATCH] read frpm process.env NODE_TLS_REJECT_UNAUTHORIZED when
 strictSSL is not defined

---
 lib/options.js  |  7 ++++++-
 test/options.js | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/lib/options.js b/lib/options.js
index f775112..db51cc6 100644
--- a/lib/options.js
+++ b/lib/options.js
@@ -11,7 +11,12 @@ const conditionalHeaders = [
 const configureOptions = (opts) => {
   const { strictSSL, ...options } = { ...opts }
   options.method = options.method ? options.method.toUpperCase() : 'GET'
-  options.rejectUnauthorized = strictSSL !== false
+
+  if (strictSSL === undefined || strictSSL === null) {
+    options.rejectUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED !== '0'
+  } else {
+    options.rejectUnauthorized = strictSSL !== false
+  }
 
   if (!options.retry) {
     options.retry = { retries: 0 }
diff --git a/test/options.js b/test/options.js
index b81110d..9f9a897 100644
--- a/test/options.js
+++ b/test/options.js
@@ -82,6 +82,30 @@ t.test('configure options', async (t) => {
       'should treat strictSSL: null as true just like tls.connect')
   })
 
+  t.test('when NODE_TLS_REJECT_UNAUTHORIZED is defined', async (t) => {
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
+
+    t.same(configureOptions({ }).rejectUnauthorized, false,
+      'should return rejectUnauthorized false when NODE_TLS_REJECT_UNAUTHORIZED="0" ' +
+      'and strictSSL is undefined')
+
+    t.same(configureOptions({ strictSSL: null }).rejectUnauthorized, false,
+      'should return rejectUnauthorized false when NODE_TLS_REJECT_UNAUTHORIZED="0" ' +
+      'and strictSSL is null')
+
+    t.same(configureOptions({ strictSSL: true }).rejectUnauthorized, true,
+      'should return rejectUnauthorized true when NODE_TLS_REJECT_UNAUTHORIZED="0" ' +
+      'and strictSSL is true')
+
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1'
+
+    t.same(configureOptions({ strictSSL: false }).rejectUnauthorized, false,
+      'should return rejectUnauthorized false when NODE_TLS_REJECT_UNAUTHORIZED="1" ' +
+      'and strictSSL is false')
+
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = undefined
+  })
+
   t.test('should set dns property correctly', async (t) => {
     t.test('no property given', async (t) => {
       const actualOpts = { method: 'GET' }