Hello.
I intend to use a secure connection (that means at the *transport*
level) for downloading packages and lists from the Debian repository. I
installed apt-transport-https. There seems to be no list of mirrors that
accept HTTPS; nonetheless, I found that some listed mirrors accept HTTPS
(for example mirrors.kernel.org). I configured one of them in my
"sources.list".
When I run "apt-get update", I get the following error:
-----BEGIN PASTED TEXT----
Err https://security.debian.org wheezy/updates/main Sources
SSL: certificate subject name (debian.org) does not match target host
name 'security.debian.org'
Err https://security.debian.org wheezy/updates/main amd64 Packages
SSL: certificate subject name (debian.org) does not match target host
name 'security.debian.org'
Fetched 7637 kB in 33s (231 kB/s)
W: Failed to fetch
https://security.debian.org/dists/wheezy/updates/main/source/Sources
SSL: certificate subject name (debian.org) does not match target host
name 'security.debian.org'
W: Failed to fetch
https://security.debian.org/dists/wheezy/updates/main/binary-amd64/Packages
SSL: certificate subject name (debian.org) does not match target host
name 'security.debian.org'
E: Some index files failed to download. They have been ignored, or old
ones used instead.
-----END PASTED TEXT----
There is a problem: security.debian.org has a bad certificate and there
are no official mirrors. The certificate is only valid for
"www.debian.org" and "debian.org", not "security.debian.org". You can
check this with your browser by going to https://security.debian.org/.
My question is: How can I make "apt-get" accept the certificate anyway,
but only _this_ certificate or other certificates that are otherwise
valid but have the same subdomain mismatch error (it should reject a
bogus certificate from an attacker)? In addition, where is the correct
place to report this error?
The relevant lines in "/etc/apt/sources.list" are:
-----BEGIN PASTED TEXT----
deb https://security.debian.org/ wheezy/updates main
deb-src https://security.debian.org/ wheezy/updates main
-----END PASTED TEXT----
I know that the packages are signed. I am not looking for suggestions
not to use HTTPS. I can use unencrypted connections, of course, but I
am looking to have an added layer of security.
Regards and thanks in advance.
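
Added example, not part of the original message and not a description of how apt behaves: a Python sketch of the policy the question asks for, where a certificate whose names do not cover the host is accepted only if its SHA-256 fingerprint was pinned for that host. The function names, the pin table and the certificate byte strings are hypothetical and constructed for illustration; chain validation to a trusted CA is assumed to have succeeded already.

```python
import hashlib
import hmac

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: case-insensitive, '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "debian.org" has 2 labels, "security.debian.org" has 3
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding of the certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def accept(host: str, cert_names: list, cert_der: bytes, pins: dict):
    """Return (ok, reason) for a certificate that already chains to a trusted CA."""
    if any(name_matches(n, host) for n in cert_names):
        return True, "hostname match"
    pinned = pins.get(host.lower())
    # The exception is tied to one host and one exact certificate.
    if pinned and hmac.compare_digest(pinned, fingerprint(cert_der)):
        return True, "pinned exception"
    return False, "name mismatch and certificate not pinned for this host"

# Constructed sample data: names taken from the message, bytes are stand-ins
# for real DER certificates.
HOST = "security.debian.org"
CERT_NAMES = ["debian.org", "www.debian.org"]
SERVER_CERT = b"constructed stand-in for the DER bytes of the server certificate"
OTHER_CERT = b"constructed stand-in for a different certificate with the same names"
PINS = {HOST: fingerprint(SERVER_CERT)}

if __name__ == "__main__":
    print(accept(HOST, CERT_NAMES, SERVER_CERT, {}))    # rejected: no pin
    print(accept(HOST, CERT_NAMES, SERVER_CERT, PINS))  # accepted: pinned
    print(accept(HOST, CERT_NAMES, OTHER_CERT, PINS))   # rejected: wrong cert
```

A fingerprint pin has to be updated whenever the server certificate is renewed, so the pin table needs an out-of-band way to learn the new value.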