The certificate signed by VeriSign is most definitely part of the certificate validation.
The certificate is a root certificate that you trust because you have it installed in your system. These trusted certificates are preinstalled in your computer by your OS's distributor.
Root certificates are necessary because they provide a source of trust in the certificate chain. That is, you trust the user certificate because it has been signed by DigiCert, and you trust DigiCert because it's certificate has been signed by VeriSign, which you trust because you trust VeriSign.
There is nothing special about VeriSign. They are an enterprise whose business is precisely being trusted. They give certificates to people ad enterprises that prove that they are who they say they are, and we all trust that they do their job well (i.e. that they will only give a certificate in DigiCert's name to the actual DigiCert, not to anybody else).
Root certificates are necessary in TLS validation to avoid MITM attacks. If there were no root certificates, when a website gave you a certificate for their domain name, you wouldn't know whether it was the actual website that has signed the certificate, or someone else posing as the website (a Man in The Middle). VeriSign takes care of that identity verification for you (or rather, they give a certificate to DigiCert to do it by themselves).
If you didn't trust the root certificate, or the certificate given by a website was self-signed, expired, not yet valid or in any other way not trustable, curl would refuse the TLS handshake and throw an error.