Guard against invalid SSL certificates

For providers like Exchange which use libsoup to talk to a HTTPS
server it is not enough to warn the user about an invalid certificate.
We should make sure that we abort the connection before any
credentials have been sent.

Fixes: CVE-2013-1799