[bug]: price oracle TLS/SSL certificate validation missing #1278

@ZZiigguurraatt

The price oracle client inside tapd does not seem to do SSL certificate validation of the price oracle server. This is a security issue, as we have no confidence that the price oracle we are talking to is the one we think we are talking to.

We should have the following choices:

  1. Root CAs to trust (in addition to or instead of the operating system root CA list)
  2. Trust operating system root CA list (yes or no)
  3. Require certificate checking
  4. Don't require certificate checking
  5. Pin to a specific certificate (either signed by a CA or self signed)
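
One way a Go client could map the five choices above onto `crypto/tls`, as an added example that is not tapd's code. `TLSOptions`, `BuildTLSConfig` and the field names are hypothetical, and the pin is assumed to be the hex SHA-256 of the server certificate's DER bytes.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"errors"
)

type TLSOptions struct { // hypothetical: one field per choice listed in the issue
	ExtraRootsPEM  []byte // 1: root CAs to trust (PEM)
	UseSystemRoots bool   // 2: trust the OS root CA list
	SkipVerify     bool   // 3/4: false requires certificate checking
	PinnedSHA256   string // 5: hex SHA-256 of the server certificate DER
}

func BuildTLSConfig(o TLSOptions) (cfg *tls.Config, err error) {
	cfg = &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: o.SkipVerify}
	if o.PinnedSHA256 != "" {
		want, err := hex.DecodeString(o.PinnedSHA256)
		if err != nil || len(want) != sha256.Size {
			return nil, errors.New("pin must be a hex SHA-256 digest")
		}
		var pin [sha256.Size]byte
		copy(pin[:], want)
		cfg.InsecureSkipVerify = true // the pin replaces chain and hostname checks
		cfg.VerifyPeerCertificate = func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) == 0 || sha256.Sum256(raw[0]) != pin {
				return errors.New("server certificate does not match pin")
			}
			return nil
		}
	}
	cfg.RootCAs = x509.NewCertPool() // empty pool trusts nothing; unused with a pin
	if o.UseSystemRoots {
		if cfg.RootCAs, err = x509.SystemCertPool(); err != nil {
			return nil, err
		}
	}
	if len(o.ExtraRootsPEM) > 0 && !cfg.RootCAs.AppendCertsFromPEM(o.ExtraRootsPEM) {
		return nil, errors.New("no usable certificate in ExtraRootsPEM")
	}
	return cfg, nil
}

func main() {
	_, err := BuildTLSConfig(TLSOptions{PinnedSHA256: "not-hex"})
	println(err.Error()) // a malformed pin is rejected, not ignored
}
```

`VerifyPeerCertificate` is not invoked on resumed sessions, so a pinned configuration should either leave `ClientSessionCache` unset, as here, or move the check into `VerifyConnection`.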
