I think we should have an option for passing a custom root CAs to use when verifying server certificates when doing TLS. This could go along with pinning server certificates, or trust on first use (TOFU).
This is not supported by design. You should either use legit certificates or add your custom cert authority to your system's trust store.
Well I can understand why you don't want to support custom CAs, but pinning a server certificate is a legitimate feature request IMHO.