Proper use of curl options -k / --pinnedpubkey
Concerning the current Trojan scripts csd-post.sh/csd-wrapper.sh:
- I believe the actual purpose of the `INSECURE` variable is not to always run cURL insecurely. Rather, when and only when cURL option `--pinnedpubkey` is not available (cURL < 7.39), it should substitute `-k`/`--insecure` for `--pinnedpubkey`.
- Given the above purpose, the variable name is poorly chosen. It should be changed from `INSECURE` to `MISSING_PINNEDPUBKEY` or `INSECURE_MISSING_PINNEDPUBKEY`.
- Given the above purpose, the current logic is incorrect for cURL < 7.39: cURL is always run with `-k`/`--insecure`; instead, it should run with `-k`/`--insecure` only when users specify a public key (in variable `CSD_SHA256`).
- Because of the above incorrect logic, the script will always print `WARNING: running insecurely; will not validate CSD server certificate` with cURL < 7.39.

```bash
# cURL 7.39 (https://bugzilla.redhat.com/show_bug.cgi?id=1195771)
# is required to support pin-based certificate validation. Must set this
# to false if using an older version of cURL.
INSECURE=false
if [[ "$INSECURE" == "true" ]]; then
    echo "*********************************************************************" >&2
    echo "WARNING: running insecurely; will not validate CSD server certificate" >&2
    echo "*********************************************************************" >&2
    PINNEDPUBKEY="-k"
else
    PINNEDPUBKEY="${CSD_SHA256:+"-k --pinnedpubkey sha256//$CSD_SHA256"}"
fi
```
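
The selection logic this issue asks for, as an added example that is not the project's code: `-k` is emitted on its own only when cURL is older than 7.39 and a pin is set, and no warning is printed otherwise. The function names and the sample pin value are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not taken from csd-post.sh/csd-wrapper.sh; function names are hypothetical.

# Version of the installed curl, e.g. "7.81.0" (second field of the first line).
installed_curl_version() {
    curl --version 2>/dev/null | awk 'NR==1 { print $2 }'
}

# Succeeds if the given curl version supports --pinnedpubkey (7.39 or later).
curl_supports_pinning() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    # An unparsable version is treated as lacking pinning support.
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 39 ]; }
}

# Print the TLS options for curl, given its version ($1) and the pin ($2, may be empty).
csd_tls_opts() {
    ver=$1
    pin=$2
    if [ -z "$pin" ]; then
        return 0    # no pin requested: normal CA validation, no -k, no warning
    fi
    if curl_supports_pinning "$ver"; then
        # The pin is checked; -k accompanies it as on the line shown in this issue.
        printf '%s\n' "-k --pinnedpubkey sha256//$pin"
    else
        # Only here is the certificate left unchecked, so only here is the warning due.
        echo "WARNING: curl $ver lacks --pinnedpubkey; will not validate CSD server certificate" >&2
        printf '%s\n' "-k"
    fi
}

# Demo with a constructed pin value (not a real key hash) and an old curl version.
csd_tls_opts "7.29.0" "CONSTRUCTEDPINCONSTRUCTEDPINCONSTRUCTEDPIN0="
```

The result is meant to be expanded unquoted on the curl command line, as `$PINNEDPUBKEY` is in the script, with `installed_curl_version` supplying the first argument.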