Merge pull request #2926 from murgatroid99/grpc-js_reject_unauthorized_fix

grpc-js: Don't check authorized when rejectUnauthorized is false

Author: murgatroid99

packages/grpc-js/src/channel-credentials.ts

@@ -268,7 +268,7 @@ class SecureConnectorImpl implements SecureConnector {
     };
     return new Promise<SecureConnectResult>((resolve, reject) => {
       const tlsSocket = tlsConnect(tlsConnectOptions, () => {
-        if (!tlsSocket.authorized) {
+        if ((this.connectionOptions.rejectUnauthorized ?? true) && !tlsSocket.authorized) {
           reject(tlsSocket.authorizationError);
           return;
         }
@@ -364,7 +364,7 @@ class CertificateProviderChannelCredentialsImpl extends ChannelCredentials {
         const tlsSocket = tlsConnect(tlsConnectOptions, () => {
           tlsSocket.removeListener('close', closeCallback);
           tlsSocket.removeListener('error', errorCallback);
-          if (!tlsSocket.authorized) {
+          if ((this.parent.verifyOptions.rejectUnauthorized ?? true) && !tlsSocket.authorized) {
             reject(tlsSocket.authorizationError);
             return;
           }

packages/grpc-js/test/test-channel-credentials.ts

@@ -218,6 +218,15 @@ describe('ChannelCredentials usage', () => {
       }
     );
   });
+  it('Should accept self-signed certs with acceptUnauthorized', done => {
+    const client = new echoService(`localhost:${portNum}`, grpc.credentials.createSsl(null, null, null, {rejectUnauthorized: false}));
+    client.echo({ value: 'test value', value2: 3 }, (error: ServiceError | null, response: any) => {
+      client.close();
+      assert.ifError(error);
+      assert.deepStrictEqual(response, { value: 'test value', value2: 3 });
+      done();
+    });
+  });
 });
 
 describe('Channel credentials mtls', () => {