doc: document NODE_TLS_REJECT_UNAUTHORIZED

This commit documents the NODE_TLS_REJECT_UNAUTHORIZED environment variable so that the world can know how potentially dangerous it is. PR-URL: https://github.com/nodejs/node/pull/24289 Fixes: https://github.com/nodejs/node/issues/24284 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2018-11-10 15:59:58 -05:00 · 2018-11-10 15:59:58 -05:00 · 9409883dc5
commit 9409883dc5
parent e2a8e3221b
1 changed files with 6 additions and 0 deletions
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@ -681,6 +681,12 @@ Path to the file used to store the persistent REPL history. The default path is
 `~/.node_repl_history`, which is overridden by this variable. Setting the value
 to an empty string (`''` or `' '`) disables persistent REPL history.

+### `NODE_TLS_REJECT_UNAUTHORIZED=value`
+
+If `value` equals `'0'`, certificate validation is disabled for TLS connections.
+This makes TLS, and HTTPS by extension, insecure. The use of this environment
+variable is strongly discouraged.
+
 ### `NODE_V8_COVERAGE=dir`

 When set, Node.js will begin outputting [V8 JavaScript code coverage][] to the