diff --git a/configure.ac b/configure.ac
index ffe4c1c..b57949a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -341,20 +341,20 @@ dnl ---------------------------------------------------------------------------
 dnl SSL Security options
 dnl ---------------------------------------------------------------------------
 
-AC_ARG_ENABLE([self-signed-certs],
-	[AS_HELP_STRING([--disable-self-signed-certs], [disable SSL connection when host presents a self signed certificate])],
+AC_ARG_ENABLE([self-signed-cert-check],
+	[AS_HELP_STRING([--enable-self-signed-cert-check], [Reject SSL connection when host presents a self signed certificate])],
 [
 	app_cv_self_signed_certs="$enableval"
 ],[
-	app_cv_self_signed_certs="yes"
+	app_cv_self_signed_certs="no"
 ])
 
 if test "$app_cv_self_signed_certs" == "yes"; then
-	AC_DEFINE(SSL_ALLOW_SELF_SIGNED_CERT)
+	AC_DEFINE(SSL_ENABLE_SELF_SIGNED_CERT_CHECK)
 fi
 
-AC_ARG_ENABLE([expired-crl],
-	[AS_HELP_STRING([--disable-expired-crl], [disable SSL connection when host presents an expired certificate revocation list])],
+AC_ARG_ENABLE([crl-expiration-check],
+	[AS_HELP_STRING([--enable-crl-expiration-check], [Reject SSL connection when host presents an expired certificate revocation list])],
 [
 	app_cv_expired_crl="$enableval"
 ],[
@@ -362,7 +362,7 @@ AC_ARG_ENABLE([expired-crl],
 ])
 
 if test "$app_cv_expired_crl" == "yes"; then
-	AC_DEFINE(SSL_ALLOW_EXPIRED_CRL)
+	AC_DEFINE(SSL_ENABLE_CRL_EXPIRATION_CHECK)
 fi
 
 
@@ -378,7 +378,13 @@ if test "$app_cv_enable_crl_check" == "yes"; then
 	AC_DEFINE(SSL_ENABLE_CRL_CHECK)
 fi
 
-AC_ARG_WITH([default-crl], [AS_HELP_STRING([--with-default-crl], [Set lib3270 default crl url])], [ AC_DEFINE_UNQUOTED(LIB3270_DEFAULT_CRL,"$withval") ],[ AC_MSG_NOTICE(No default crl)])
+AC_ARG_WITH([default-crl-url], 
+	[AS_HELP_STRING([--with-default-crl-url], [Set lib3270 default crl url])], 
+[ 
+	AC_DEFINE_UNQUOTED(SSL_DEFAULT_CRL_URL,"$withval") 
+],[ 
+	AC_MSG_NOTICE(No default crl url)
+])
 
 dnl ---------------------------------------------------------------------------
 dnl Check for pic
diff --git a/lib3270.cbp b/lib3270.cbp
index e405eb9..0d78c40 100644
--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -39,7 +39,6 @@
 		<Unit filename="LICENCA" />
 		<Unit filename="LICENSE" />
 		<Unit filename="README.md" />
-		<Unit filename="configure.ac" />
 		<Unit filename="gitsync.sh" />
 		<Unit filename="src/include/3270ds.h" />
 		<Unit filename="src/include/actionsc.h" />
diff --git a/src/include/config.h.in b/src/include/config.h.in
index 7ae17a0..b0a13fa 100644
--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -53,10 +53,12 @@
 	/* Security options */
 	#undef HAVE_LDAP
 	#undef HAVE_LIBSSL
-	#undef SSL_ALLOW_SELF_SIGNED_CERT
-	#undef SSL_ALLOW_EXPIRED_CRL
+
+	#undef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
+
 	#undef SSL_ENABLE_CRL_CHECK
-	#undef LIB3270_DEFAULT_CRL
+	#undef SSL_ENABLE_CRL_EXPIRATION_CHECK
+	#undef SSL_DEFAULT_CRL_URL
 
 	/* Windows Options */
 #ifdef WIN32
diff --git a/src/lib3270/properties.c b/src/lib3270/properties.c
index 0840c25..b9c4a2b 100644
--- a/src/lib3270/properties.c
+++ b/src/lib3270/properties.c
@@ -298,11 +298,11 @@
 	if(hSession->ssl.crl)
 		return hSession->ssl.crl;
 
-#ifdef LIB3270_DEFAULT_CRL
-	return LIB3270_DEFAULT_CRL;
+#ifdef SSL_DEFAULT_CRL_URL
+	return SSL_DEFAULT_CRL_URL;
 #else
 	return getenv("LIB3270_DEFAULT_CRL");
-#endif // LIB3270_DEFAULT_CRL
+#endif // SSL_DEFAULT_CRL_URL
 
 #else
 	errno = ENOTSUP;
@@ -310,7 +310,6 @@
 #endif
  }
 
-
  int lib3270_set_crl_url(H3270 *hSession, const char *crl)
  {
 
diff --git a/src/lib3270/ssl/negotiate.c b/src/lib3270/ssl/negotiate.c
index 94f365f..a01beca 100644
--- a/src/lib3270/ssl/negotiate.c
+++ b/src/lib3270/ssl/negotiate.c
@@ -195,14 +195,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 	case X509_V_ERR_CRL_HAS_EXPIRED:
 		trace_ssl(hSession,"%s","The CRL of a certificate has expired.\n" );
 
-#ifdef SSL_ALLOW_EXPIRED_CRL
-		break;
-#else
+#ifdef SSL_ENABLE_CRL_EXPIRATION_CHECK
 		((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 		((SSL_ERROR_MESSAGE *) message)->text = _( "The CRL has expired." );
 		((SSL_ERROR_MESSAGE *) message)->description = _( "The Certificate revocation list (CRL) has expired." );
 		return -1;
-#endif // SSL_ALLOW_EXPIRED_CRL
+#else
+		break;
+#endif // SSL_ENABLE_CRL_EXPIRATION_CHECK
 
 	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 
@@ -211,14 +211,14 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 		debug("%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain" );
 		trace_ssl(hSession,"%s","TLS/SSL negotiated connection complete with self signed certificate in certificate chain\n" );
 
-#ifdef SSL_ALLOW_SELF_SIGNED_CERT
-		break;
-#else
+#ifdef SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 		((SSL_ERROR_MESSAGE *) message)->title = _( "SSL error" );
 		((SSL_ERROR_MESSAGE *) message)->text = _( "The SSL certificate for this host is not trusted." );
 		((SSL_ERROR_MESSAGE *) message)->description = _( "The security certificate presented by this host was not issued by a trusted certificate authority." );
 		return -1;
-#endif // SSL_ALLOW_SELF_SIGNED_CERT
+#else
+		break;
+#endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 
 	default:
 
--
libgit2 0.21.2