LDAP: permit overriding the CA root, improve SSL/TLS
Testing against a private CA and discovered it can only verify against members of the Mozilla trusted roots. This makes it possible to verify and connect to a server using a private CA.
I thought about making this a Pleroma-wide configuration but there isn't much of a point in doing this for federation. If there's ever a demand for private federation with a custom CA root we could do it, though. There are some good arguments for allowing HTTP and LDAP to have different trust roots too.
Edited by feld