diff --git a/src/core/properties/boolean.c b/src/core/properties/boolean.c
index 9fc32db..74e0e05 100644
--- a/src/core/properties/boolean.c
+++ b/src/core/properties/boolean.c
@@ -52,11 +52,21 @@
 	hSession->ssl.crl.download = enabled ? 1 : 0;
 	return 0;
  }
+
+LIB3270_EXPORT int lib3270_ssl_get_crl_download(const H3270 *hSession)
+{
+	return hSession->ssl.crl.download;
+}
 #else
  LIB3270_EXPORT int lib3270_ssl_set_crl_download(H3270 GNUC_UNUSED(*hSession), int GNUC_UNUSED(enabled))
  {
 	return errno = ENOTSUP;
  }
+
+ LIB3270_EXPORT int lib3270_ssl_get_crl_download(H3270 GNUC_UNUSED(*hSession))
+ {
+	return 0;
+ }
 #endif // SSL_ENABLE_CRL_CHECK
 
  const LIB3270_INT_PROPERTY * lib3270_get_boolean_properties_list(void)
@@ -199,6 +209,13 @@
 		},
 
 		{
+			.name = "crlget",													//  Property name.
+			.description = N_( "Non zero if the download of CRL is enabled" ),	//  Property description.
+			.get = lib3270_ssl_get_crl_download,								//  Get value.
+			.set = lib3270_ssl_set_crl_download									//  Set value.
+		},
+
+		{
 			.name = NULL,
 			.description = NULL,
 			.get = NULL,
diff --git a/src/include/lib3270/properties.h b/src/include/lib3270/properties.h
index 3c59d13..f539b50 100644
--- a/src/include/lib3270/properties.h
+++ b/src/include/lib3270/properties.h
@@ -225,6 +225,8 @@
 	 */
 	LIB3270_EXPORT int lib3270_ssl_set_crl_download(H3270 *hSession, int enabled);
 
+	LIB3270_EXPORT int lib3270_ssl_get_crl_download(const H3270 *hSession);
+
 	/**
 	 * @brief Get lib3270 version info.
 	 *
diff --git a/src/ssl/negotiate.c b/src/ssl/negotiate.c
index b0be773..1faef1e 100644
--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -57,6 +57,7 @@
 #include <lib3270/trace.h>
 #include <lib3270/log.h>
 #include <lib3270/toggle.h>
+#include <lib3270/properties.h>
 #include "hostc.h" // host_disconnect
 #include "trace_dsc.h"
 
@@ -412,6 +413,22 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
 			break;
 #endif // SSL_ENABLE_SELF_SIGNED_CERT_CHECK
 
+		case X509_V_ERR_UNABLE_TO_GET_CRL:
+
+			trace_ssl(hSession,"TLS/SSL verify result was %d (%s)\n", rv, msg->body);
+
+			((SSL_ERROR_MESSAGE *) message)->popup = (LIB3270_POPUP *) msg;
+
+			debug("message: %s",((SSL_ERROR_MESSAGE *) message)->popup->summary);
+			debug("description: %s",((SSL_ERROR_MESSAGE *) message)->popup->body);
+
+			set_ssl_state(hSession,LIB3270_SSL_NEGOTIATED);
+
+			if(msg->type == LIB3270_NOTIFY_ERROR && lib3270_ssl_get_crl_download(hSession))
+				return EACCES;
+
+			break;
+
 		default:
 			trace_ssl(hSession,"TLS/SSL verify result was %d (%s)\n", rv, msg->body);
 
--
libgit2 0.21.2