Allow using hosted Redis instances by default

[schneems]

Hosted Redis servers use self signed certificates (because they do not own the domain they're running on such as compute-1.amazonaws.com) therefore a full SSL connection verification will fail. The fix for that behavior is to disable verification so a self signed certificate can be used docs from a hosted Redis/Key-value store provider.

This PR makes the default behavior to allow connecting to self signed Redis servers, and introduces a new flag --strict-ssl which will require that the certificate is not self-signed.

This failing SSL connection behavior was originally reported in #292, however that issue focues on raising visibility of such failures.

[casperisfine]

Sorry, but you'll have to sign the CLA...

As for the PR, I'm not even sure we need a flag. I can't really think of a security issue caused by CI queue being pointed at the wrong Redis, unless somehow the list of test name is super secret.

[ChrisBr]

Thanks for the contribution

[schneems]

I have signed the CLA!

[schneems]

I'm not even sure we need a flag.

I don’t feel strongly about it. I generally find changes to defaults easier to get merged if there’s some sort of opt out so I did what I thought would be the path of least resistance. I have no strong reason to force full SSL checking.

It sounds like you prefer fewer config options over greater configurability. Seems reasonable.

Please confirm and I can rip that out (or feel free to take the otherwise quite simple change and run with it if it’s faster/easier for you).

[schneems]

I also opened #294 which doesn't include the configuration flags.

[ChrisBr]

Superseded by #294