A new version of the Hiawatha webserver has been released. Several changes have been made to further improve the SSL capabilities of this webserver.
One of those changes is the addition of the CAcertificates setting, which allows you to specify one or more CA certificates. This allows Hiawatha to verify the authenticity of the peer in case it acts as an SSL client, which it does for a reverse proxy and websockets. It was always my idea that the reverse proxy functionality should only be used for local applications that only speak HTTP instead of the usual (Fast)CGI or for SSL offloading. SSL support was included for the rare situation where a local HTTP-speaking webapp only speaks HTTPS, for which SSL validation is not required. I think I never explained this intended usage well enough, because I found out that several people used Hiawatha's reverse proxy functionality to connect via HTTPS to other webservers via the internet. This requires SSL certificate validation to make the connection secure. That's why I included the CAcertificates option.
If not set, SSL connections made by Hiawatha are not validated and therefore not really secure. Only do that for local connections or within a trusted network. Otherwise, use this option to feed Hiawatha with trusted CA certificates.