ask the user for intervention if no trust chain for server cert
https://we.riseup.net/leap+client/eip-client-overview

Download a signature file for this CA cert. Check to see if there is a signature available from any of the pre-installed keys distributed with the client. If not, and the HTTPS connection did not use a server cert signed by a standard CA, then pause and ask the user if they want to continue. In other words, consider the CA cert good if there is a signature we can trace to some pre-installed key or if it was retrieved over a connection validated by a corporate CA. This is not good, but better than a self-signed CA with no signatures.
(from redmine: created on 2012-09-26)
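
The decision rule in this ticket, as an added example that is not LEAP client code. The names `evaluate_ca_cert`, `Decision`, `sign` and `verify` are hypothetical, and because the ticket does not name a signature format, an unpadded hash-then-RSA check over a constructed demo key stands in for the real signature verification.

```python
import hashlib
from enum import Enum


class Decision(Enum):
    TRUSTED_BY_SIGNATURE = "signature traces to a pre-installed key"
    TRUSTED_BY_STANDARD_CA = "fetched over HTTPS validated by a standard CA"
    ASK_USER = "no trust chain: pause and ask the user"


# Constructed demo key pair built from two Mersenne primes. It is trivially
# factorable and exists only so the example runs offline (assumption: a real
# client would verify GPG or X.509 signatures with a vetted library).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Stand-in signer, used only to build the sample signature file."""
    return pow(_digest(data), d, n)


def verify(data: bytes, sig: int, pub: tuple) -> bool:
    """Stand-in verifier: pub is an (n, e) pair shipped with the client."""
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == _digest(data)


def evaluate_ca_cert(ca_pem, signatures, preinstalled_keys, https_standard_ca):
    """Apply the ticket's rule; anything unverifiable ends at ASK_USER."""
    # 1. A signature over the CA cert that traces to a pre-installed key.
    for sig in signatures:
        if any(verify(ca_pem, sig, key) for key in preinstalled_keys):
            return Decision.TRUSTED_BY_SIGNATURE
    # 2. Weaker fallback: the cert arrived over HTTPS validated by a standard CA.
    if https_standard_ca:
        return Decision.TRUSTED_BY_STANDARD_CA
    # 3. No trust chain at all: never accept silently.
    return Decision.ASK_USER
```

Returning which rule matched, instead of a bare boolean, lets the client log or display that a CA cert was accepted only through the weaker HTTPS fallback.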