Title: #506: added ssl verification
Please change the title of the commit, too. It's implies that we did not verify
certs in the past.
In the future please don't call the system trust store a random collection of
CAs. It's diminishing and vilifying the hard work of the security team to
provide a secure selection of CA certs. This change is purely an attempt to
harden IPA and use the same selection of CAs everywhere.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code