No real pinning happening
We are downloading the CA certificate from the provider and assuming it's not compromised, because we don't compare its fingerprint with a pre-stored one.
We should add the known fingerprint to the provider list json file, and it would be great if we'd let the user to define its own fingerprint while creating a new provider.
(from redmine: created on 2014-09-17, closed on 2014-10-10)