File

net.http: fail open if surrounding code does not configure TLS Previously, if surrounding code was not configuring the TLS context used default in net.http, it would not validate certificates at all. This is not a security issue with prosody, because prosody updates the context with `verify = "peer"` as well as paths to CA certificates in util.startup.init_http_client. Nevertheless... Let's not leave this pitfall out there in the open.

Thanks for your interest in contributing to the project!

There are many ways to contribute, such as helping improve the
documentation, reporting bugs, spreading the word or testing the latest
development version.

You can find more information on how to contribute at <https://prosody.im/doc/contributing>

See also the HACKERS and README files.