+1 for both the patch and impact desc.
For the tests, 'someweirdvalue' being interpreted as False sounds too lenient. I think we should tighten it up a bit in the future.
btw, I haven't come across a deployment where the insecure flag, if set, is meant to "enable" cert validation. It's always the other way around. If "insecure" is set, it's most likely meant to turn off cert validation regardless of its value. So the impact may not be as bad as we think.
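The tightening suggested in the comment above, sketched as an added example that is not code from the patch or the project: a lenient parser that maps any unrecognized `insecure` value to False, next to a strict one that rejects it. The function names and the accepted true/false spellings are assumptions made for illustration.

```python
# Added illustration; all names and the accepted spellings are hypothetical.
TRUE_STRINGS = frozenset({"1", "t", "true", "on", "y", "yes"})
FALSE_STRINGS = frozenset({"0", "f", "false", "off", "n", "no"})


def parse_bool_lenient(value):
    """Lenient parsing: anything that is not a known 'true' spelling is False."""
    return str(value).strip().lower() in TRUE_STRINGS


def parse_bool_strict(value, name="insecure"):
    """Accept only known boolean spellings; raise on anything else."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text in TRUE_STRINGS:
        return True
    if text in FALSE_STRINGS:
        return False
    raise ValueError(f"{name}: unrecognized boolean value {value!r}")


def verify_certs(options, strict=True):
    """Return True when TLS certificate validation should be enabled."""
    if "insecure" not in options:
        return True  # validation stays on unless explicitly disabled
    parse = parse_bool_strict if strict else parse_bool_lenient
    return not parse(options["insecure"])


SAMPLES = ["True", "false", "1", "someweirdvalue", ""]  # constructed inputs


def compare(samples=SAMPLES):
    """Return (raw value, lenient result, strict result) for each sample."""
    rows = []
    for raw in samples:
        lenient = verify_certs({"insecure": raw}, strict=False)
        try:
            strict = verify_certs({"insecure": raw}, strict=True)
        except ValueError:
            strict = "rejected"  # config error surfaced instead of guessed
        rows.append((raw, lenient, strict))
    return rows


if __name__ == "__main__":
    for raw, lenient, strict in compare():
        print(f"insecure={raw!r:18} lenient verify={lenient!s:6} strict verify={strict}")
```

With the lenient parser a mistyped value leaves validation on without telling the operator their setting was ignored; the strict parser turns the same input into a configuration error.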