Just for the sake of completeness, I tested outside of the test harness.

/sw/arcts/centos7/python-dev/3.5.1/bin/python3
[bennet@flux-build-centos7-dev test]$ python3
Python 3.5.1 (default, May 11 2016, 08:50:05) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import http.client
>>> conn = http.client.HTTPSConnection("www.python.org")
>>> conn.request("GET", "/")
>>> r1 = conn.getresponse()
>>> print(r1.status, r1.reason)
200 OK

I think that indicates that it can do certificate verification of some sort and might be an indication that the issue is not with the setup but with the test.  There was some discussion of making the tests independent of connectivity in Issue25940.

There are a couple of expired certs in the test directory, but they may not be used; e.g.,

nokia.pem,
            Not After : Sep 20 23:59:59 2012 GMT
sha256.pem
            Not After : Feb 17 23:59:59 2014 GMT

I should have included this in the first submission.  Sorry for any additional mail this may generate.