Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn"t validating certificates against trusted system root CAs when using an https connection.