Here is something that we should propose to upstream for P. I actually would really like to have it in a security update as well, but I can see that its controversial.
At the same time IMO it simply does not make sense to have a settings "ssl-strict" and "ssl-ca-file" and only when settings the later the former is honored. I also think that ssl-strict and no ssl_ca_in_creds should be a failure, I will attach a seperate patch.
Here is something that we should propose to upstream for P. I actually would really like to have it in a security update as well, but I can see that its controversial.
At the same time IMO it simply does not make sense to have a settings "ssl-strict" and "ssl-ca-file" and only when settings the later the former is honored. I also think that ssl-strict and no ssl_ca_in_creds should be a failure, I will attach a seperate patch.