Security certificate checking

[xavetar]

Add option disable security certificate checking. I don't understand why this option is needed at the TLS for DNS? Let's say I take any trusted certificate and start replacing DNS, what happens? What prevents anyone who has a trusted certificate and private key from listening to me? What then is the difference between a self-signed certificate (personally for myself) and a certificate certified by someone? What if I start doing DNS spoofing with this trusted certificate, from any trusted company? I understand that you may be using certificates from trusted companies, I use self-signed ones and it's much safer.