Pass Through Host Certificate Validation
Choose whether to enable or disable the default certificate validation
process during SSL/TLS handshake. Default is enable the certification
validation. Applicable only for Microsoft schannel provider.
Note: By default, schannel (MSCAPI) is responsible for validating
the host certificate chain received during SSL/TLS handshake. Schannel
runs several checks on the received certificate chain, one of which
is verifying that the signature affixed to the certificate is valid.
The hash value computed on the certificate contents must match the
value that results from decrypting the signature field using the public
component of the issuer. In order to perform this operation, you must
possess the public component of the issuer, either through some integrity-assured
channel, or by extracting it from another (validated) certificate.
The default certificate validation process is exhaustive and runs
several checks on the host certificate chain in order to successfully
validate it. By enabling this option, you would effectively suppress
the default validation done by schannel and the identity of the host
would not be verified. Using this option is not recommended.