tls: move getAllowUnauthorized to internal/options

Make it so that the allow unauthorized warning can be easily reused
by the QUIC impl once that lands.

Extracted from https://github.com/nodejs/node/pull/32379

Signed-off-by: James M Snell <jasnell@gmail.com>

PR-URL: https://github.com/nodejs/node/pull/32917
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

1 files changed, 18 insertions, 1 deletions

diff --git a/lib/internal/options.js b/lib/internal/options.js
index e494787b96c..03586f9dae6 100644
--- a/lib/internal/options.js
+++ b/lib/internal/options.js
@@ -3,6 +3,8 @@
 const { getOptions } = internalBinding('options');
 const { options, aliases } = getOptions();
 
+let warnOnAllowUnauthorized = true;
+
 function getOptionValue(option) {
   const result = options.get(option);
   if (!result) {
@@ -11,8 +13,23 @@ function getOptionValue(option) {
   return result.value;
 }
 
+function getAllowUnauthorized() {
+  const allowUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
+
+  if (allowUnauthorized && warnOnAllowUnauthorized) {
+    warnOnAllowUnauthorized = false;
+    process.emitWarning(
+      'Setting the NODE_TLS_REJECT_UNAUTHORIZED ' +
+      'environment variable to \'0\' makes TLS connections ' +
+      'and HTTPS requests insecure by disabling ' +
+      'certificate verification.');
+  }
+  return allowUnauthorized;
+}
+
 module.exports = {
   options,
   aliases,
-  getOptionValue
+  getOptionValue,
+  getAllowUnauthorized,
 };