The library currently ships with the specific Twilio server cert served by the Twilio API, effectively pinning that cert to the library. This is bad, since the library will break when the API changes certs after expiration or invalidation.
The library should ship with a standard CA cert whitelist such as the one here: http://curl.haxx.se/docs/caextract.html
agreed, will try to figure out a way to test this change today.
Verify SSL with a standard CA cert whitelist
Uses the cacert.pem file generated by Mozilla, and curated here:
Tested extensively on a dev box.