diff --git a/lib/tesla/adapter/httpc.ex b/lib/tesla/adapter/httpc.ex
index 7e67f7b9..367c3cba 100644
--- a/lib/tesla/adapter/httpc.ex
+++ b/lib/tesla/adapter/httpc.ex
@@ -18,7 +18,7 @@ defmodule Tesla.Adapter.Httpc do
   @impl Tesla.Adapter
   def call(env, opts) do
     opts = Tesla.Adapter.opts(@override_defaults, env, opts)
-    opts = Tesla.Adapter.opts(default_ssl_opt(), env, opts)
+#    opts = Tesla.Adapter.opts(default_ssl_opt(), env, opts)
 
     with {:ok, {status, headers, body}} <- request(env, opts) do
       {:ok, format_response(env, status, headers, body)}
@@ -32,6 +32,7 @@ defmodule Tesla.Adapter.Httpc do
   defp default_ssl_opt do
     # TODO: verify that requires OTP 25+
     # TODO: verify that does not require any Elixir version
+    # TODO: maybe use Castore for now? cacertfile: CAStore.file_path(),
     [
       verify: :verify_peer,
       cacerts: :public_key.cacerts_get(),
diff --git a/test/tesla/adapter/httpc_test.exs b/test/tesla/adapter/httpc_test.exs
index 4e3a7aa8..4e06d1c3 100644
--- a/test/tesla/adapter/httpc_test.exs
+++ b/test/tesla/adapter/httpc_test.exs
@@ -45,4 +45,12 @@ defmodule Tesla.Adapter.HttpcTest do
 
     assert data["headers"]["content-type"] == "text/plain"
   end
+
+  describe "badssl" do
+    @describetag :integration
+
+    test "untrusted-root.badssl.com" do
+      assert {:error, :econnrefused} = Tesla.get(Tesla.client([Tesla.Middleware.JSON], Tesla.Adapter.Httpc), "https://untrusted-root.badssl.com")
+    end
+  end
 end