Comment by londons_explore
Comment by londons_explore 2 days ago
A better rule might be "You must use our HTTPSClient class, and it either uses the system+user trust stores, or optionally it uses an application supplied certificate authority+the user trust store".