enable cert verification by default (#328)

* enable cert validation by default

* add new HTTPScheme.customHTTPS option

Sources/HTTP/Responder/HTTPScheme.swift

@@ -7,10 +7,14 @@ public struct HTTPScheme {
 
     /// Enables TLS (SSL). Uses port `443` by default.
     public static var https: HTTPScheme {
+        return self.customHTTPS(.forClient())
+    }
+
+    /// Enables TLS (SSL) with custom TLS configuration. Uses port `443` by default.
+    public static func customHTTPS(_ config: TLSConfiguration) -> HTTPScheme {
         return .init(443) { channel, hostname in
             return Future.flatMap(on: channel.eventLoop) {
-                let tlsConfiguration = TLSConfiguration.forClient(certificateVerification: .none)
-                let sslContext = try SSLContext(configuration: tlsConfiguration)
+                let sslContext = try SSLContext(configuration: config)
                 let sniName = hostname.isIPAddress() ? nil : hostname
                 let tlsHandler = try OpenSSLClientHandler(context: sslContext, serverHostname: sniName)
                 return channel.pipeline.add(handler: tlsHandler)

Tests/HTTPTests/HTTPClientTests.swift

@@ -26,8 +26,8 @@ class HTTPClientTests: XCTestCase {
         try testURL("http://zombo.com", contains: "<title>ZOMBO</title>")
     }
 
-    func testAmazonWithTLS() throws {
-        try testURL("https://www.amazon.com", contains: "Amazon.com, Inc.")
+    func testGoogleWithTLS() throws {
+        try testURL("https://www.google.com/search?q=vapor+swift", contains: "web framework")
     }
 
     func testSNIWebsite() throws {
@@ -45,7 +45,7 @@ class HTTPClientTests: XCTestCase {
         ("testGoogleAPIsFCM", testGoogleAPIsFCM),
         ("testExampleCom", testExampleCom),
         ("testZombo", testZombo),
-        ("testAmazonWithTLS", testAmazonWithTLS),
+        ("testGoogleWithTLS", testGoogleWithTLS),
         ("testSNIWebsite", testSNIWebsite),
         ("testQuery", testQuery),
     ]