If TLS is enabled by sgcWebSockets client, by default certificate server is accepted and not verified. If certificate verification is required, follow next steps:

1. Handle OnSSLAfterCreateHandler event on client component and enable verification:

procedure TfrmWebSocketClient.WSClientSSLAfterCreateHandler(Sender: TObject; aType: TwsSSLHandler; aSSLHandler: TIdSSLIOHandlerSocketBase);

begin

  TIdSSLIOHandlerSocketOpenSSL(aSSLHandler).SSLOptions.VerifyMode := [sslvrfPeer];

  TIdSSLIOHandlerSocketOpenSSL(aSSLHandler).OnVerifyPeer := OnVerifyPeerEvent

end;

2. Create a new method to access server certificate info and accept connection or not

function OnVerifyPeerEvent(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean;

begin

  // if certificate is valid

  AOk := True;

  // if not is valid

  AOk := False;

end;