Disable SSL cert verification by default.

Having it enabled by default would break existing bots just by
doing the update.
Let's just show a warning and give owners some time to update
their config, for the moment.

src/conf.py

@@ -1175,7 +1175,7 @@ utils.web.proxy = supybot.protocols.http.proxy
 ###
 registerGroup(supybot.protocols, 'ssl')
 registerGlobalValue(supybot.protocols.ssl, 'verifyCertificates',
-    registry.Boolean(True, _("""Determines whether server certificates
+    registry.Boolean(False, _("""Determines whether server certificates
     will be verified. Valid values are "required", "optional", and "none".
     The default and recommended setting is "required", which checks the
     server certificate is signed by a known Certificate Authority, and

src/drivers/Socket.py

@@ -361,11 +361,17 @@ class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
             drivers.log.warning('Could not find cert file %s.' %
                     certfile)
             certfile = None
+        verifyCertificates = conf.supybot.protocols.ssl.verifyCertificates()
+        if not verifyCertificates:
+            drivers.log.warning('Not checking SSL certificates, connections '
+                    'are vulnerable to man-in-the-middle attacks. Set '
+                    'supybot.protocols.ssl.verifyCertificates to "true" '
+                    'to enable validity checks.')
         try:
             self.conn = utils.net.ssl_wrap_socket(self.conn,
                     logger=drivers.log, hostname=self.server[0],
                     certfile=certfile,
-                    verify=conf.supybot.protocols.ssl.verifyCertificates(),
+                    verify=verifyCertificates,
                     trusted_fingerprints=network_config.ssl.serverFingerprints(),
                     )
         except ssl.CertificateError as e: