Insecure HTTPS if the HttpCore implementation is used (currently it isn't)

[netmackan]

I suspect the http core HTTPS handling might not by default do proper certificate, revocation and hostname verification.
Check this!

[netmackan]

As an alternative for now I'm switching the transport implementation to use com.sun.net.httpserver+URLConnection instead of Apache HttpCore.