Setting `sslverify` to false still validates the hostname

[dd32]

Under 4.5.x when you set sslverify to false it'd make a HTTPS connection and ignore the validity of the certificate presented.
Under 4.6/4.6.1 it still ignores the validity, but verifies that the SSL matches the domain (ie. example.com cert would be rejected for a example.net request).

This was fixed upstream in ​https://github.com/rmccue/Requests/pull/239

[dd32]

In 38727:

HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues.

Fixes #38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes #37992 allowing for connecting to SSL resources on ports other than 443.
Fixes #37991 by not sending default ports in the Host: header.
Fixes #37839 to match and decode Chunked responses correctly.
Fixes #38232 allowing a SSL connection to ignore the hostname of the certificate when verification is disabled.

[dd32]

In 38728:

HTTP: Update Requests to master (0048f3c) which fixes a number of outstanding issues.

Merges [38727] to the 4.6 branch.

Fixes #38070, #37733 by reverting part of [38429] and using the fix in Requests.
Fixes #37992 allowing for connecting to SSL resources on ports other than 443.
Fixes #37991 by not sending default ports in the Host: header.
Fixes #37839 to match and decode Chunked responses correctly.
Fixes #38232 allowing a SSL connection to ignore the hostname of the certificate when verification is disabled.

[dd32]

Seems #34381 is a earlier incarnation of this, although it affected us in slightly different ways.

[dd32]

#34381 was marked as a duplicate.