Software / code / prosody
Annotate
HACKERS @ 11749:83d6d6a70edf
net.http: fail open if surrounding code does not configure TLS
Previously, if surrounding code was not configuring the TLS context
used default in net.http, it would not validate certificates at all.
This is not a security issue with prosody, because prosody updates the
context with `verify = "peer"` as well as paths to CA certificates in
util.startup.init_http_client.
Nevertheless... Let's not leave this pitfall out there in the open.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Sun, 29 Aug 2021 15:04:47 +0200 |
| parent | 9858:54147de1d1b1 |
| rev | line source |
|---|---|
| 13 | 1 Welcome hackers! |
| 2 | |
| 1082 | 3 This project accepts and *encourages* contributions. If you would like to get |
| 4 involved you can join us on our mailing list and discussion rooms. More | |
|
7359
a5a080c12c96
Update every link to the documentation to use HTTPS
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
2664
diff
changeset
|
5 information on these at https://prosody.im/discuss |
| 13 | 6 |
| 1082 | 7 Patches are welcome, though before sending we would appreciate if you read |
|
9858
54147de1d1b1
doc/coding_style.{txt,md}: Update coding style guide
Matthew Wild <mwild1@gmail.com>
parents:
7359
diff
changeset
|
8 docs/coding_style.md for guidelines on how to format your code, and other tips. |
| 2664 | 9 |
|
7359
a5a080c12c96
Update every link to the documentation to use HTTPS
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
2664
diff
changeset
|
10 Documentation for developers can be found at https://prosody.im/doc/developers |
| 2664 | 11 |
| 12 Have fun :) |
