I'm looking through the manual and I'm not seeing where I can: 1) Specify, in the fixed muttrc configuration, a sha1 certificate fingerprint that must match on a per host basis before continuing with the connection.
2) Additionally, and optionally, validate the cert presented by any ssl/tls (or starttls upgraded) connection back to the respective root ca using a per host cert/bundle file linked to from a muttrc. I was considering making a ticket for these but wanted to ask if I'm missing some feature to do it first?
