The thing that you are doing doesn't disable ssl verification, it just disables verification of the hostname presented... it will still verify that the certificate presented comes via a trusted path, although the certificate can be for any host.
You need to set up an sslcontext with an "accept all" trust strategy too, I'm thinking.