Add warning when using HTTPS with mod_curl

mod_curl currently does not verify the authenticity of the peer's
certificate, and does not verify whether the common name on the
certificate matches the server.  This makes mod_curl initiated TLS
connections completely insecure.  We should fix this, but until we do,
we'll warn people that it's not doing what they may think it is.

ref: http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
ref: http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html

src/mod/applications/mod_curl/mod_curl.c

@@ -194,6 +194,7 @@ static http_data_t *do_lookup_url(switch_memory_pool_t *pool, const char *url, c
 	}
 
 	if (!strncasecmp(url, "https", 5)) {
+		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not verifying TLS cert for %s; connection is not secure\n", url);
 		switch_curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0);
 		switch_curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0);
 	}
@@ -357,6 +358,7 @@ static void http_sendfile_initialize_curl(http_sendfile_data_t *http_data)
 	
 	if (!strncasecmp(http_data->url, "https", 5))
 	{
+		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not verifying TLS cert for %s; connection is not secure\n", http_data->url);
 		curl_easy_setopt(http_data->curl_handle, CURLOPT_SSL_VERIFYPEER, 0);
 		curl_easy_setopt(http_data->curl_handle, CURLOPT_SSL_VERIFYHOST, 0);
 	}