1. Implement the ability to use custom CA certs.
2. Implement the ability to pin a certain server cert hash and refuse to connect if the hash does not match.
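
An added example, not code from the project this request belongs to: one way the two items could fit together in Python, assuming the pin is the SHA-256 digest of the server's DER-encoded leaf certificate (the request does not say which hash or encoding is meant). The names `normalize_pin`, `check_pin`, `make_context`, `connect` and `PinMismatch` are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(ConnectionError):
    """Raised when the server certificate hash differs from the pinned one."""


def normalize_pin(pin: str) -> bytes:
    """Accept 'sha256:AB:CD:..', 'ab:cd:..' or plain hex; return 32 raw bytes."""
    text = pin.strip().lower()
    if text.startswith("sha256:"):
        text = text[len("sha256:"):]
    raw = bytes.fromhex(text.replace(":", ""))  # ValueError on non-hex input
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("pin must be a SHA-256 digest (32 bytes)")
    return raw


def check_pin(der_cert: bytes, pin: str) -> None:
    """Raise PinMismatch unless SHA-256 of the DER certificate equals the pin."""
    actual = hashlib.sha256(der_cert).digest()
    if not hmac.compare_digest(actual, normalize_pin(pin)):
        raise PinMismatch("server certificate hash does not match pin")


def make_context(ca_file=None) -> ssl.SSLContext:
    """Verifying client context. With ca_file, only that CA bundle is trusted;
    without it, the system trust store is loaded."""
    return ssl.create_default_context(cafile=ca_file)


def connect(host, port, ca_file=None, pin=None, timeout=10.0):
    """Open a TLS connection; close it and raise if the pin check fails."""
    if pin is not None:
        normalize_pin(pin)  # reject a malformed pin before touching the network
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = make_context(ca_file).wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    try:
        if pin is not None:
            # Hash the certificate exactly as the server presented it (DER).
            check_pin(tls.getpeercert(binary_form=True), pin)
    except Exception:
        tls.close()  # refuse to hand back a connection that failed the pin
        raise
    return tls
```

Here the pin is checked in addition to chain and hostname validation, so a certificate must pass both before any application data is sent.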