Long-long time ago, our company created internal test tool that test web API for our servers. That tool simulates requests from our application, and it is using WinInet API. Tool always connection to test servers that are recreated every few days, it contains only test data. As this is testing server for our real production server, test tool using HTTPS protocol. But because it is using only for tests, it does have proper SSL certificate. Deploy script just install some self-signed certificate. Obviously testing tool cannot work by with that type of certificate and instead it just passes INTERNET_FLAG_IGNORE_CERT_CN_INVALID to HttpOpenRequest. Everything worked just fine for many years.

But several years ago, we discovered that our test tool