IMHO, this warrants a heads-up at least on web-devel since there may be someone relying on http-conduit to check the certificates.
Also, is http-enumerator still maintained? This fix definitely needs to be backported.
Bump version back from 126.96.36.199 to 1.1.2, since 1.1.2 wasn't released.
Regarding http-enumerator, done here: snoyberg/http-enumerator#54.
I applied your fix to an older commit, released, and then merged. Thanks!