wget uses system CA certificates even when told not to

Bug #1605883 reported by Nate Eldredge
This bug affects 1 person
Affects        Status  Importance  Assigned to  Milestone
wget (Ubuntu)  New     Undecided   Unassigned

Bug Description

In the wget man page, the command line options --ca-certificate and --ca-directory have the sentence: "Without this option Wget looks for CA certificates at the system-specified locations, chosen at OpenSSL installation time." To me, that implies that *with* these options, the system-specified locations are *not* searched. (That would be useful if the sysadmin has installed certificates that the user doesn't trust.) However, it appears that even with these options, the system SSL directory /usr/lib/ssl/certs (symlink to /etc/ssl/certs) is still searched.

Running

wget --ca-certificate=/dev/null --ca-directory=/nonexistent https://www.google.com

succeeds. I would expect it to fail, having no trusted CA certificate. strace reveals that it reads a certificate from /usr/lib/ssl/certs.

Either the code should be fixed, or the man page should be clarified.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: wget 1.17.1-1ubuntu1.1
ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
Uname: Linux 4.4.0-31-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
Date: Sat Jul 23 09:12:02 2016
SourcePackage: wget
UpgradeStatus: Upgraded to xenial on 2016-05-27 (57 days ago)
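
One way to check a captured strace log for the behaviour described in the report, as an added example that is not part of the original report or of wget: it lists files under the system CA directories that were opened successfully even though other locations were passed with --ca-certificate and --ca-directory. The function name, the sample trace and the hash file names in it are constructed for illustration.

```python
import os
import re

# Matches open()/openat() lines from `strace -e trace=open,openat`, with or
# without a leading pid column, capturing the path and the return value.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?open(?:at)?\((?:AT_FDCWD,\s*)?'
    r'"([^"]+)",[^)]*\)\s*=\s*(-?\d+)'
)

# System trust locations named in the bug report.
SYSTEM_CA_DIRS = ("/usr/lib/ssl/certs", "/etc/ssl/certs")

# Constructed sample trace (not captured from a real run).
SAMPLE_TRACE = """\
open("/dev/null", O_RDONLY) = 3
open("/nonexistent/3513523f.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/ssl/certs/3513523f.0", O_RDONLY) = 4
[pid  4242] openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib/ssl/certs/deadbeef.0", O_RDONLY) = -1 ENOENT (No such file or directory)
"""


def unexpected_ca_reads(strace_text, allowed=(), system_dirs=SYSTEM_CA_DIRS):
    """Return system CA files opened successfully that are not covered by
    `allowed` (the values given to --ca-certificate / --ca-directory).
    Paths are compared textually; symlinks are not resolved."""
    allowed = [os.path.normpath(a) for a in allowed]
    hits = []
    for line in strace_text.splitlines():
        m = OPEN_RE.match(line.strip())
        if not m:
            continue
        path, ret = os.path.normpath(m.group(1)), int(m.group(2))
        if ret < 0:
            continue  # failed open (e.g. ENOENT): nothing was read
        if any(path == a or path.startswith(a + os.sep) for a in allowed):
            continue  # a location the user explicitly asked for
        if any(path.startswith(d + os.sep) for d in system_dirs):
            if path not in hits:
                hits.append(path)
    return hits


if __name__ == "__main__":
    for p in unexpected_ca_reads(SAMPLE_TRACE, ("/dev/null", "/nonexistent")):
        print("system CA file read despite override:", p)
```

An empty result means the trace shows no successful reads from the system CA directories; any entry is a file the client consulted outside the locations it was given.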
