drakma
Update documentation to make *obvious* which platforms do not support certificate validation
Since it's pretty much all of them besides allegro and mocl.
Can you open a pull request with the suggested change?
I would if it was straightforward (just an html change), but it seems I need to get clixdoc (which isn't quicklisp installable), figure out how to use that, and change the xsl. I might work on the missing certificate validation though, at least for SBCL/CCL, since I need it. I'll try and do it with drakma first, and if it turns out to be too much trouble I'll look for something else.
I am so confused... this sounds like a huge security issue. I just discovered this by accident since I was writing code that was intentionally hitting a self-signed server and it didn't validate.
Oh, looks like I need to set this up in cl+ssl. It's definitely an unsafe default, but I guess I can understand why this is so.
For the record, I had to do this:

    (setf (cl+ssl:ssl-check-verify-p) t)
    (cl+ssl:ssl-set-global-default-verify-paths)

Wouldn't it make more sense to enable ssl verification on all platforms that support it? And when enabling ssl verification, as @tdrhq stated, cl+ssl:ssl-check-verify-p is not set to T, so some verification checks are not done even when ssl verification is required.
Both a code and/or a documentation change are acceptable, and I can take care of turning the change in the XML documentation into docstrings and HTML.