OpenSSL's default CA locations are not enabled
If the profile contains 'use_https' but not 'ssl_ca_list', then SSL_CTX_set_default_verify_paths() is never called to initialise the SSL context with the operating system's default set of CA certificates, so any certificate the server sends is never verified.
Even if use_https is enabled and only ssl_ca_list is set, the server certificate is still not verified: the connection succeeds even when ssl_ca_list points to a cacert.pem against which the server certificate cannot be verified.
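As an added illustration (not code from the project or from the reporter), the two failure modes above side by side with a corrected context builder, written against Python's ssl module, which wraps the same OpenSSL calls: load_default_certs() calls SSL_CTX_set_default_verify_paths(), load_verify_locations() calls SSL_CTX_load_verify_locations(), and verify_mode maps to SSL_CTX_set_verify(). The profile dict shape is an assumption.

```python
import ssl
from typing import List, Optional

# Assumed profile shape: {'use_https': bool, 'ssl_ca_list': path or None}.
# The real project's profile format is not shown in the report.
Profile = dict

def make_client_context_as_reported(profile: Profile) -> Optional[ssl.SSLContext]:
    """Mirror the behaviour described above: CA paths are loaded only when
    'ssl_ca_list' is set, and peer verification is never switched on."""
    if not profile.get("use_https"):
        return None
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # SSL_VERIFY_NONE: any certificate accepted
    if profile.get("ssl_ca_list"):
        ctx.load_verify_locations(cafile=profile["ssl_ca_list"])
    # no load_default_certs(): SSL_CTX_set_default_verify_paths() is skipped
    return ctx

def make_client_context_fixed(profile: Profile) -> Optional[ssl.SSLContext]:
    """Always verify the peer and the hostname; fall back to the OS trust
    store when no explicit CA list is configured."""
    if not profile.get("use_https"):
        return None
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED  # SSL_CTX_set_verify(SSL_VERIFY_PEER)
    ctx.check_hostname = True
    ca_list = profile.get("ssl_ca_list")
    if ca_list:
        # SSL_CTX_load_verify_locations(); an unreadable file raises OSError,
        # which must abort the connection instead of being ignored
        ctx.load_verify_locations(cafile=ca_list)
    else:
        # SSL_CTX_set_default_verify_paths() equivalent
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    return ctx

def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise against a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate never verified (not SSL_VERIFY_PEER)")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate")
    if ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append("no CA certificates loaded (default paths not initialised)")
    return findings
```

audit_context() on the as-reported context reports all three findings; on the fixed context only the CA-count finding can remain, and only on a host with no system trust store.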