Net/HTTP doesn't take verify_callback into account when OpenSSL::SSL::VERIFY_NONE
In (at least) net/http, the TLS connection is OK even if
verify_mode is set to
The callback is really called, but the TLS handshake is not stopped.
Use case: self-signed certificate (so imply
VERIFY_NONE) but direct key pinning for trust (implying
Enclosed to this ticket, a example to reproduce the trouble.
For me, because of
false in all case, none of the connection must succeed.