In Nim standard library httpClient SSL/TLS certificate verification was disabled by default. The behavior was documented at https://nim-lang.org/docs/net.html
Set "verifyMode = CVerifyPeer" as documented
https://nim-lang.org/blog/2020/04/03/version-120-released.html nim-lang/Nim#782 https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
In Nim standard library httpClient SSL/TLS certificate verification was disabled by default.
The behavior was documented at https://nim-lang.org/docs/net.html
Workarounds
Set "verifyMode = CVerifyPeer" as documented
References
https://nim-lang.org/blog/2020/04/03/version-120-released.html
nim-lang/Nim#782
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/