When implemented for #1, any sort of SSL certificate validation was turned off (cert chain, DNS name, OCSP). Proper verification should be enabled by default, and disabled using .with_insecure_ssl(true).

For rupsc, -S should turn on strict validation, and --insecure-ssl should keep unverified SSL on.