Non-verification of SSL certificates is hard-coded

[DavidAnderson684]

ServicesBuilder:createBlobService() calls self::httpClient(); this gets a new HttpClient() (always with no parameters); and this in turn causes a new instantiation of \HTTP_Request2 with config parameters forcing SSL_VERIFY_PEER and SSL_VERIFY_HOST to false, and SSL_CAFILE to empty. So, there's not only no SSL verification - there's also no way to have SSL verification without replacing one of the classes.

On related notes (e.g. #747), I'd also add my voice to those proposing the removal of PEAR and HTTP_Request2 and switching to more modern/supported alternatives (like Guzzle).