
tails-security-check's CA pinning is not effective on sid

I guess it’s the same on Stretch. The BEGIN block does not work as it used to. This instead seems to work:

    $ua->ssl_opts(verify_hostname => 1);
    $ua->ssl_opts(SSL_ca_file     => $cafile);

To be verified: do we also need to empty SSL_ca_path to avoid the system’s /etc/ssl/certs/ from being used?

Note that we might wish to change the way tails-security-check does HTTPS requests entirely (#11810-note_1) so let’s hold on a bit here.

Original created by @intrigeri on 11812 (Redmine)

Edited by intrigeri
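
A configuration-side check for the `SSL_ca_path` question above, as an added example that is not part of the original issue or of tails-security-check's code. It relies on two documented LWP::UserAgent behaviours: `new()` copies `PERL_LWP_SSL_CA_PATH` / `HTTPS_CA_DIR` from the environment into `SSL_ca_path`, and setting an option to `undef` deletes it. The helper names `pinned_ua` and `audit_pin` and the temporary CA file are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp ();
use LWP::UserAgent;

# Apply the two settings from the issue, then drop any CA directory.
sub pinned_ua {
    my ($cafile) = @_;
    die "CA file not readable: $cafile\n" unless -r $cafile;
    my $ua = LWP::UserAgent->new;
    $ua->ssl_opts(verify_hostname => 1);
    $ua->ssl_opts(SSL_ca_file     => $cafile);
    # new() copies PERL_LWP_SSL_CA_PATH / HTTPS_CA_DIR into SSL_ca_path;
    # passing undef deletes the option again.
    $ua->ssl_opts(SSL_ca_path     => undef);
    return $ua;
}

# List everything that would widen trust beyond $cafile (empty = pinned).
sub audit_pin {
    my ($ua, $cafile) = @_;
    my @problems;
    push @problems, 'verify_hostname is disabled'
        unless $ua->ssl_opts('verify_hostname');
    my $mode = $ua->ssl_opts('SSL_verify_mode');
    push @problems, 'SSL_verify_mode is 0 (no peer verification)'
        if defined $mode && $mode == 0;
    my $file = $ua->ssl_opts('SSL_ca_file');
    push @problems, 'SSL_ca_file is not the pinned file'
        unless defined $file && $file eq $cafile;
    my $path = $ua->ssl_opts('SSL_ca_path');
    push @problems, "SSL_ca_path adds trust anchors from $path"
        if defined $path;
    return @problems;
}

# Constructed input: an empty temp file stands in for the pinned CA bundle
# (no connection is made), and the environment mimics an inherited CA dir.
my $tmp    = File::Temp->new(SUFFIX => '.pem');
my $cafile = $tmp->filename;
local $ENV{PERL_LWP_SSL_CA_PATH} = '/etc/ssl/certs';

my $plain = LWP::UserAgent->new;            # only the issue's two lines
$plain->ssl_opts(verify_hostname => 1);
$plain->ssl_opts(SSL_ca_file     => $cafile);

print "two-line config: $_\n" for audit_pin($plain, $cafile);
my @left = audit_pin(pinned_ua($cafile), $cafile);
print @left ? "still unpinned: @left\n" : "pinned_ua: no extra CA source configured\n";
```

This only inspects the options LWP hands to the TLS layer. Whether the pin holds on the wire still has to be confirmed by a request to a host whose certificate chains to a different CA, which must fail.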