I just posted issue 509, but I want to advocate for it a bit here. It’s an important change that will greatly increase the utility of your TLS support.
Right now, for any given HTTPS site, you need to provide the CA root cert as part of the request. That means that you have to have the right cert available and matched to the URL at compile time. But certs and providers churn all the time, which means you would have to update your program.
If instead of HttpsAuthentCert, the request accepted a delegate, and the delegate provided maybe a CN and thumbprint, and returned an X.509 cert, then developers could implement their own CA trusted root collection and select the correct CA public key cert at runtime.
For instance, you might export the entire CA root cert collection onto an SD card, and then you could hit any TLS web site without needing to know the URL and which cert it needs ahead of time. And if sites changed their trust chain, it wouldn’t break your program. At most, you just need to maintain a directory on an SD card, which you could update OTA from a cloud URL.
I think this is an important change that would greatly improve the utility of the network stack.
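A sketch of the delegate-based lookup proposed above, added here as an example that is not part of the original post or the project's own code. It is written against full .NET's X509Certificate2 and assumes a hypothetical RootCertResolver delegate, a directory of DER files named by their SHA-1 thumbprint, and a hypothetical HttpsRootResolver request property.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

// Hypothetical delegate shape for the proposal: the stack hands the app the issuer CN and
// thumbprint it found in the server's chain, and the app returns the trusted root (or null).
public delegate X509Certificate2 RootCertResolver(string issuerCommonName, string thumbprint);

public static class SdCardRootStore
{
    // Assumed layout: one DER file per root, named by its SHA-1 thumbprint, e.g. <HEX>.cer
    public static RootCertResolver FromDirectory(string rootDir)
    {
        return (issuerCommonName, thumbprint) =>
        {
            string wanted = thumbprint.Replace(":", "").Replace(" ", "").ToUpperInvariant();
            string path = Path.Combine(rootDir, wanted + ".cer");
            if (!File.Exists(path))
                return null;   // unknown root: let the handshake fail

            var cert = new X509Certificate2(File.ReadAllBytes(path));

            // Trust is decided by the thumbprint, not by the file name or the CN: recompute it
            // from the loaded bytes so a renamed or corrupted file on the card is rejected.
            if (!string.Equals(cert.Thumbprint, wanted, StringComparison.OrdinalIgnoreCase))
                return null;

            // A root must be self-issued; anything else on the card is not a trust anchor.
            if (cert.Subject != cert.Issuer)
                return null;

            // The CN is only a sanity check: distinct roots can share a CN, so it never
            // substitutes for the thumbprint match above.
            if (!cert.Subject.Contains("CN=" + issuerCommonName))
                return null;

            return cert;
        };
    }
}

// Usage, assuming the request exposed a property taking this delegate (hypothetical):
// request.HttpsRootResolver = SdCardRootStore.FromDirectory(@"D:\certs");
```

Refreshing the directory OTA then replaces a trust anchor without rebuilding the program, while a file that does not hash to its own name is ignored rather than trusted.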