diff --git a/bootstrap.sh b/bootstrap.sh
index 070a6f7..09090c7 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 PACKAGE_VERSION=4.2
-PACKAGE_RELEASE=6
+PACKAGE_RELEASE=7
 REV_FILE=./revision.m4
 REV=`date +%y%m%d%H%M`
 
diff --git a/src/gtk2/gui.h b/src/gtk2/gui.h
index 43754f9..ceb1f6b 100644
--- a/src/gtk2/gui.h
+++ b/src/gtk2/gui.h
@@ -256,6 +256,7 @@
 	{
 		OIA_PIXMAP_LOCKED,		// 0 = Locked
 		OIA_PIXMAP_UNLOCKED,	// 1 = Unlocked
+		OIA_PIXMAP_WARNING,		// 2 = Warning
 
 		OIA_PIXMAP_COUNT
 	};
diff --git a/src/gtk2/oia.c b/src/gtk2/oia.c
index fdc604d..8ef6fe8 100755
--- a/src/gtk2/oia.c
+++ b/src/gtk2/oia.c
@@ -100,7 +100,7 @@
 /*---[ Statics ]------------------------------------------------------------------------------------------------*/
 
 #ifdef ENABLE_BM_PIXMAPS
- static GdkPixmap * pixmap_oia[OIA_PIXMAP_COUNT] = { NULL, NULL};
+ static GdkPixmap * pixmap_oia[OIA_PIXMAP_COUNT] = { NULL, NULL, NULL};
 #endif // ENABLE_BM_PIXMAPS
 
  #define OIAROW	(view.top+4+(terminal_font_info.spacing*view.rows))
@@ -153,12 +153,6 @@
 
 /*---[ Implement ]----------------------------------------------------------------------------------------------*/
 
-/*
- static void dunno(cairo_t *cr, GdkGC *gc, GdkRectangle *r)
- {
- }
-*/
-
  void update_oia(void)
  {
  	if(valid_terminal_window())
@@ -481,6 +475,7 @@
     return ret;
 
  }
+
 #endif //  ENABLE_BM_PIXMAPS
 
  static void oia_draw_ssl_state(cairo_t *cr, GdkGC *gc, GdkRectangle *r)
@@ -534,6 +529,7 @@
 
 	#include "locked.bm"
 	#include "unlocked.bm"
+	#include "warning.bm"
 
 	static const struct _imagedata
 	{
@@ -544,10 +540,13 @@
 	{
 		{ locked_bits,		locked_width,	locked_height	},
 		{ unlocked_bits,	unlocked_width,	unlocked_height	},
+		{ warning_bits,		warning_width,	warning_height	},
 
 	};
 
 	int idx = query_secure_connection(hSession) ? OIA_PIXMAP_LOCKED : OIA_PIXMAP_UNLOCKED;
+	int color = TERMINAL_COLOR_OIA_SSL_STATE;
+
 
 	r->x = (r->width - (46*terminal_font_info.width))+1;
 	r->y++;
@@ -556,8 +555,14 @@
 
 	oia_clear_icon(cr,r);
 
+	if(!query_ssl_cert_check_status(hSession))
+	{
+		idx = OIA_PIXMAP_WARNING;
+		color = TERMINAL_COLOR_OIA_STATUS_WARNING;
+	}
+
 	if(!pixmap_oia[idx])
-		pixmap_oia[idx] = oia_create_scaled_pixmap(r,gc,imagedata[idx].data,imagedata[idx].width,imagedata[idx].height,TERMINAL_COLOR_OIA_SSL_STATE);
+		pixmap_oia[idx] = oia_create_scaled_pixmap(r,gc,imagedata[idx].data,imagedata[idx].width,imagedata[idx].height,color);
 
 	gdk_cairo_set_source_pixmap(cr, pixmap_oia[idx], r->x, r->y);
 	gdk_cairo_rectangle(cr,r);
@@ -959,7 +964,7 @@
 #ifdef ENABLE_BM_PIXMAPS
 	 int f;
 
-	for(f=0;f<OIA_PIXMAP_COUNT;f++)
+	for(f=0;f<G_N_ELEMENTS(pixmap_oia);f++)
 	{
 		if(pixmap_oia[f])
 		{
diff --git a/src/gtk2/warning.bm b/src/gtk2/warning.bm
new file mode 100644
index 0000000..32dea6b
--- /dev/null
+++ b/src/gtk2/warning.bm
@@ -0,0 +1,6 @@
+#define warning_width 16
+#define warning_height 14
+static unsigned char warning_bits[] = {
+   0xe0, 0x07, 0x10, 0x08, 0xc8, 0x13, 0x28, 0x14, 0x28, 0x14, 0x28, 0x14,
+   0xfc, 0x3f, 0x04, 0x20, 0x04, 0x20, 0x04, 0x20, 0x04, 0x20, 0x04, 0x20,
+   0x04, 0x20, 0xfc, 0x3f };
diff --git a/src/include/lib3270.h b/src/include/lib3270.h
index 30e18f5..98a6a0c 100644
--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -431,6 +431,8 @@
 	 */
 	LIB3270_EXPORT int lib3270_get_ssl_state(H3270 *h);
 
+	LIB3270_EXPORT int lib3270_get_ssl_cert_state(H3270 *h);
+
 	/**
 	 * Register application I/O Handlers.
 	 *
diff --git a/src/include/lib3270/api.h b/src/include/lib3270/api.h
index 1f2f04b..fc294c7 100644
--- a/src/include/lib3270/api.h
+++ b/src/include/lib3270/api.h
@@ -194,6 +194,7 @@
 
 			// Connection info
 			int					  secure_connection;
+			int					  valid_certificate;
 			int      			  sock;					/**< Network socket */
 			int					  net_sock;
 			LIB3270_CSTATE		  cstate;				/**< Connection state */
@@ -565,6 +566,7 @@
 		LIB3270_EXPORT void screen_size(int *rows, int *cols);
 
 		#define query_secure_connection(h) lib3270_get_ssl_state(h)
+		#define query_ssl_cert_check_status(h) lib3270_get_ssl_cert_state(h)
 		#define lib3270_paste_string(str) lib3270_set_string(NULL,str)
 		#define get_3270_terminal_size(h,r,c) lib3270_get_screen_size(h,r,c)
 
diff --git a/src/lib/telnet.c b/src/lib/telnet.c
index 46b71a6..a139526 100644
--- a/src/lib/telnet.c
+++ b/src/lib/telnet.c
@@ -570,15 +570,6 @@ int net_connect(const char *host, char *portname, Boolean ls, Boolean *resolving
 #endif /*]*/
 
 		/* set the socket to be non-delaying */
-/*
-#if defined(_WIN32)
-		if (non_blocking(False) < 0)
-#else
-		if (non_blocking(True) < 0)
-#endif
-			close_fail;
-*/
-
 		if (non_blocking(False) < 0)
 			close_fail;
 
@@ -608,31 +599,6 @@ int net_connect(const char *host, char *portname, Boolean ls, Boolean *resolving
 			net_connected(&h3270);
 		}
 
-/*
-		if (connect(h3270.sock, &haddr.sa, ha_len) == -1) {
-
-			Trace("Connect failed: %s (rc=%d)",strerror(socket_errno()),socket_errno());
-
-			if (socket_errno() == SE_EWOULDBLOCK
-#if defined(SE_EINPROGRESS)
-			    || socket_errno() == SE_EINPROGRESS
-#endif
-						   ) {
-				trace_dsn("Connection pending.\n");
-				*pending = True;
-#if !defined(_WIN32)
-				output_id = AddOutput(h3270.sock, &h3270, output_possible);
-#endif
-			} else {
-				popup_a_sockerr( N_( "Can't connect to %s:%d" ),h3270.hostname, h3270.current_port);
-				close_fail;
-			}
-		} else {
-			if (non_blocking(False) < 0)
-				close_fail;
-			net_connected(&h3270);
-		}
-*/
 
 	/* set up temporary termtype */
 	if (appres.termname == CN && h3270.std_ds_host) {
@@ -758,7 +724,18 @@ static void net_connected(H3270 *session)
 			return;
 		}
 		session->secure_connection = True;
-		trace_dsn("TLS/SSL tunneled connection complete. Connection is now secure.\n");
+
+		if(SSL_get_verify_result(ssl_con))
+		{
+			trace_dsn("TLS/SSL tunneled connection complete. X509 certificate verification failed.\n");
+			session->valid_certificate	= False;
+		}
+		else
+		{
+			trace_dsn("TLS/SSL tunneled connection complete. Connection is now secure.\n");
+			session->valid_certificate	= True;
+
+		}
 
 		/* Tell everyone else again. */
 		host_connected(session);
@@ -863,6 +840,7 @@ net_disconnect(void)
 		ssl_con = NULL;
 	}
 	h3270.secure_connection = False;
+	h3270.valid_certificate	= False;
 #endif /*]*/
 	if (CONNECTED)
 		(void) shutdown(h3270.sock, 2);
@@ -3406,6 +3384,17 @@ LIB3270_EXPORT int lib3270_get_ssl_state(H3270 *h)
 #endif
 }
 
+LIB3270_EXPORT int lib3270_get_ssl_cert_state(H3270 *h)
+{
+	CHECK_SESSION_HANDLE(h);
+
+#if defined(HAVE_LIBSSL)
+		return (h->valid_certificate != 0);
+#else
+		return 0;
+#endif
+}
+
 int Get3270Socket(void)
 {
         return h3270.sock;
--
libgit2 0.21.2