When on, the phone checks whether the FQDN of the server it is trying to connect to via TLS appears either as CN in the subject field or is listed in the IP/DNS fields of the Subject Alternative Names(SAN) extension of the certificate presented by the server. If the name/IP is not found, the certificate is rejected.
If the server has been entered in the phone settings as an IP address, this check will only accept the connection if the IP address is present in the IP field of the SAN. The certificate Common Name and DNS fields of the SAN will in this case be ignored.
Note for SIP over TLS with SRV+NAPTR:
The host name validation can be controlled with the setting host_name_validation_flags
Note for version 8.x: This setting has no effect if TLS Server Authentication is turned off.
UC Edition and Version 10.x: on
Non-UC Edition and Version 8.x: off