diff --git a/configure.ac b/configure.ac
index 2a590f3..94cf4f1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -321,6 +321,23 @@ if test $app_cv_fvisibility_ok = yes; then
 fi
 dnl ---------------------------------------------------------------------------
+dnl Allow self signed certificates in SSL connections?
+dnl ---------------------------------------------------------------------------
+
+AC_ARG_ENABLE([self-signed-certs],
+ [AS_HELP_STRING([--disable-self-signed-certs], [disable SSL connection when host presents a self signed certificate])],
+[
+ app_cv_self_signed_certs="$enableval"
+],[
+ app_cv_self_signed_certs="yes"
+])
+
+if test "$app_cv_self_signed_certs" == "yes"; then
+ AC_DEFINE(ENABLE_SELF_SIGNED_CERT)
+fi
+
+
+dnl ---------------------------------------------------------------------------
 dnl Check for pic
 dnl ---------------------------------------------------------------------------
 AC_ARG_ENABLE([pic],
diff --git a/src/include/config.h.in b/src/include/config.h.in
index c0b8a23..af83bc4 100644
--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -49,6 +49,8 @@
 #undef HAVE_ICONV
 #undef ICONV_CONST
+ #undef ENABLE_SELF_SIGNED_CERT
+
 #ifdef WIN32
 #undef HAVE_WIN_REGISTRY
 #endif // HAVE_WIN_REGISTRY
diff --git a/src/lib3270/ssl.c b/src/lib3270/ssl.c
index 3a52d15..db5c8ed 100644
--- a/src/lib3270/ssl.c
+++ b/src/lib3270/ssl.c
@@ -136,7 +136,13 @@ int ssl_negotiate(H3270 *hSession)
 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 peer = SSL_get_peer_certificate(hSession->ssl_con);
 trace_dsn(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
+
+#ifdef ENABLE_SELF_SIGNED_CERT
 break;
+#else
+ lib3270_disconnect(hSession);
+ return -1;
+#endif // ENABLE_SELF_SIGNED_CERT
 default:
 trace_dsn(hSession,"Unexpected or invalid TLS/SSL verify result %d\n",rv);
-- libgit2 0.21.2
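Review bot: The new check `if test "$app_cv_self_signed_certs" == "yes"; then` uses `==`, which POSIX `test` does not define. Under a /bin/sh such as dash the comparison errors out, the branch is skipped and `ENABLE_SELF_SIGNED_CERT` is never defined, so whether the build accepts self-signed certificates depends on the shell that runs configure. Use the portable operator that the neighbouring `test $app_cv_fvisibility_ok = yes` already uses: `if test "$app_cv_self_signed_certs" = "yes"; then`. Separately, the fallback branch sets `app_cv_self_signed_certs="yes"`, so a build stays permissive unless the packager passes `--disable-self-signed-certs`. A comment above `AC_ARG_ENABLE` such as `dnl Default keeps accepting self-signed certificates; pass --disable-self-signed-certs for hardened builds` would make that trust decision explicit.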
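Review bot: In the `#else` branch the function returns -1 right after `peer = SSL_get_peer_certificate(hSession->ssl_con);` and after tracing "negotiated connection complete", so a hardened build logs a success message for a session it then drops. Unless `peer` is released somewhere outside this hunk, it also leaks the certificate reference. Give the reject path its own trace line, e.g. `trace_dsn(hSession,"%s","TLS/SSL connection rejected: self signed certificate in certificate chain\n");`, and either move the `SSL_get_peer_certificate` call under `#ifdef ENABLE_SELF_SIGNED_CERT` or call `X509_free(peer);` before `return -1;`. Only `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` is gated here. If the switch also accepts `X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` in a case outside this hunk, that case needs the same guard for `--disable-self-signed-certs` to match its help text. The rest of the switch and of `ssl_negotiate` is not visible in the hunk.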