Moved rejectUnauthorized from channel option to connectionOptions

packages/grpc-js/src/channel-credentials.ts

@@ -53,6 +53,7 @@ export interface VerifyOptions {
    * has been performed on the peer certificate.
    */
   checkServerIdentity?: CheckServerIdentityCallback;
+  rejectUnauthorized?: boolean;
 }
 
 /**
@@ -198,6 +199,11 @@ class SecureChannelCredentialsImpl extends ChannelCredentials {
       this.connectionOptions.checkServerIdentity =
         verifyOptions.checkServerIdentity;
     }
+
+    if (verifyOptions?.rejectUnauthorized) {
+      this.connectionOptions.rejectUnauthorized =
+        verifyOptions.rejectUnauthorized;
+    }
   }
 
   compose(callCredentials: CallCredentials): ChannelCredentials {

packages/grpc-js/src/transport.ts

@@ -743,7 +743,6 @@ export class Http2SubchannelConnector implements SubchannelConnector {
         ...connectionOptions,
         ...address,
         enableTrace: options['grpc-node.tls_enable_trace'] === 1,
-        rejectUnauthorized: options['grpc-node.tls_reject_unauthorized'] ?? true,
       };
 
       /* http2.connect uses the options here:
@@ -838,9 +837,6 @@ export class Http2SubchannelConnector implements SubchannelConnector {
       if (options['grpc-node.tls_enable_trace']) {
         connectionOptions.enableTrace = true;
       }
-      if (options['grpc-node.tls_reject_unauthorized']) {
-        connectionOptions.rejectUnauthorized = options['grpc-node.tls_reject_unauthorized'];
-      }
     }
 
     return getProxiedConnection(address, options, connectionOptions).then(