Add support for SSL credentials validation callback #10721
Description
The Node.js https library exposes a checkServerIdentity() callback so that developers can apply custom validation logic to the server's presented certificate. The Python requests library has a similar cert_verify method that can be overridden to apply custom validation. I'm sure examples exist for other languages, but those are the ones I know of off the top of my head.
The most common use case I've heard described is to do cert pinning. In our case, we need to be able to do custom host name validation because our server certificates encode multiple dimensions of data in proprietary x509 extensions that some clients want to inspect.
OpenSSL provides a callback interface to which grpc-core is currently just passing a hardcoded NULL. It would be nice if this was exposed as an option all the way up to the sslcredentials libraries.