SSL certificate validation on non-Windows OS

[tuxuser]

Non-Windows operating systems do not have the required ROOT CA to verify the SSL connection.

Here is a workaround that simply accepts any certificate.

How could we solve this in a cleaner/better/more secure way?

Obviously, the official way would be to import the needed ROOT CA in the system's keystore .. but I would prefer to do it in a userspace way.

• Fetch a list of valid certificate fingerprints and add them to an array of trusted fingerprints?
  • Drawback: The subdomain certs only have a short validity, so it would need a lot of updates / maintainance
• Any other ideas?