doc: document NODE_TLS_REJECT_UNAUTHORIZED

This commit documents the NODE_TLS_REJECT_UNAUTHORIZED environment variable so that the world can know how potentially dangerous it is. PR-URL: nodejs#24289 Fixes: nodejs#24284 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
kiyomizumia · Nov 15, 2018 · ced4cf7 · ced4cf7
1 parent 1d3f45e
commit ced4cf7
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/doc/api/cli.md b/doc/api/cli.md
@@ -681,6 +681,12 @@ Path to the file used to store the persistent REPL history. The default path is
 `~/.node_repl_history`, which is overridden by this variable. Setting the value
 to an empty string (`''` or `' '`) disables persistent REPL history.
 
+### `NODE_TLS_REJECT_UNAUTHORIZED=value`
+
+If `value` equals `'0'`, certificate validation is disabled for TLS connections.
+This makes TLS, and HTTPS by extension, insecure. The use of this environment
+variable is strongly discouraged.
+
 ### `NODE_V8_COVERAGE=dir`
 
 When set, Node.js will begin outputting [V8 JavaScript code coverage][] to the