--- a/src/common/xmpp/tls_nb.py
+++ b/src/common/xmpp/tls_nb.py
@@ -255,6 +255,8 @@ class NonBlockingTLS(PlugIn):
         PlugIn.__init__(self)
         self.cacerts = cacerts
         self.mycerts = mycerts
+	self.correct_verification = 0
+	self.total_verification = 0
 
     # from ssl.h (partial extract)
     ssl_h_bits = {  "SSL_ST_CONNECT": 0x1000, "SSL_ST_ACCEPT": 0x2000,
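Review bot: The two added assignments `self.correct_verification = 0` and `self.total_verification = 0` are indented with a tab while the rest of this `__init__` body uses eight spaces, and the same tab/space mix recurs in the three later hunks of this file. CPython 2 expands a tab to eight columns so this happens to parse, but it is fragile and a hard `TabError` on Python 3; re-indent the added lines with spaces. The counters are also initialised only here, so if a `NonBlockingTLS` instance is reused across reconnects they keep growing; whether that happens is not visible in the hunk, but resetting them where the handshake is started would make the later equality check independent of history. A one-line comment would help a reader: `# per-handshake tally of verify-callback calls vs. calls that reported errnum == 0`.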
@@ -411,7 +413,11 @@ class NonBlockingTLS(PlugIn):
 
         tcpsock._sslObj = OpenSSL.SSL.Connection(tcpsock._sslContext,
                 tcpsock._sock)
+	if not self.correct_verification == self.total_verification :
+		log.error("certificates are NOT completely validated, discarding connection for security reasons...")
+		return False
         tcpsock._sslObj.set_connect_state() # set to client mode
+
         wrapper = PyOpenSSLWrapper(tcpsock._sslObj)
         tcpsock._recv = wrapper.recv
         tcpsock._send = wrapper.send
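Review bot: The equality check inserted before `set_connect_state()` runs before the connection has even been put into client mode, so no handshake — and therefore no `_ssl_verify_callback` call — can have happened yet; both counters still hold their initial values and the test can never reject anything at this point. The comparison has to run after the handshake has completed (that code is outside this hunk), or the rejection should be made directly in the callback where the per-certificate result is known. Two smaller points: `if not self.correct_verification == self.total_verification :` reads better as `if self.correct_verification != self.total_verification:`, and the `return False` path leaves the freshly created `tcpsock._sslObj` in place; I cannot see from the hunk how the caller treats a `False` return. The enclosing method begins and ends outside the hunk.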
@@ -447,6 +453,7 @@ class NonBlockingTLS(PlugIn):
 
     def _ssl_verify_callback(self, sslconn, cert, errnum, depth, ok):
         # Exceptions can't propagate up through this callback, so print them here.
+	self.total_verification += 1
         try:
             self._owner.ssl_fingerprint_sha1 = cert.digest('sha1')
             if errnum == 0:
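Review bot: `self.total_verification += 1` is placed before the `try`, whereas its counterpart `self.correct_verification += 1` (next hunk) sits inside the `try` after the attribute assignments, so any exception raised in between counts as a failed verification. That may well be the intended fail-closed behaviour, but it is not obvious and deserves a comment on this line, e.g. `# counted before the try: an exception below must count as a failed verification`. The line is also tab-indented in a space-indented function; see the remark on the `__init__` hunk.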
@@ -454,6 +461,8 @@ class NonBlockingTLS(PlugIn):
             self._owner.ssl_errnum = errnum
             self._owner.ssl_cert_pem = OpenSSL.crypto.dump_certificate(
                     OpenSSL.crypto.FILETYPE_PEM, cert)
+	    if errnum == 0 :
+		self.correct_verification += 1
             return True
         except:
             log.error("Exception caught in _ssl_info_callback:", exc_info=True)
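Review bot: The new `if errnum == 0 :` test duplicates the `if errnum == 0:` branch already present a few lines earlier in this callback (visible as context in the previous hunk); putting `self.correct_verification += 1` inside that existing branch avoids testing the same value twice and keeps the counter next to the state it describes. Note also that the callback keeps storing a scalar with `self._owner.ssl_errnum = errnum`, overwriting it on every call, while `connection.py` in this same commit iterates `con.Connection.ssl_errnum` as a sequence; if those two names resolve to the same object (not visible here), the consumer will try to iterate an int. Either append here (`self._owner.ssl_errnum.append(errnum)` against a list reset at handshake start) or keep the consumer scalar-based. The callback returns `True` for every errnum, so these counters are the only thing that records a failed verification; the enclosing method ends outside the hunk.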
--- a/src/common/connection.py
+++ b/src/common/connection.py
@@ -130,6 +130,8 @@ class CommonConnection:
         self.time_to_reconnect = None
         self.bookmarks = []
 
+        self.ssl_errnum = []
+
         self.blocked_list = []
         self.blocked_contacts = []
         self.blocked_groups = []
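Review bot: `self.ssl_errnum = []` is added to `CommonConnection.__init__`, but nothing in this diff appends to it: the verify callback in tls_nb.py assigns an int to `self._owner.ssl_errnum`, and the consumer later in this file reads `con.Connection.ssl_errnum`. Unless `con.Connection` and the TLS plug-in's `_owner` resolve to this same object — which the hunk does not show — this list is dead state and the consumer still receives the callback's int. If it is meant as the default for connections that never ran the TLS callback, say so: `# SSL verification error numbers; stays empty when no TLS error was recorded`.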
@@ -1232,21 +1234,20 @@ class Connection(CommonConnection, Conne
             name = gajim.config.get_per('accounts', self.name, 'name')
         hostname = gajim.config.get_per('accounts', self.name, 'hostname')
         self.connection = con
-        try:
-            errnum = con.Connection.ssl_errnum
-        except AttributeError:
-            errnum = -1 # we don't have an errnum
-        if errnum > 0 and str(errnum) not in gajim.config.get_per('accounts',
-        self.name, 'ignore_ssl_errors'):
-            text = _('The authenticity of the %s certificate could be invalid.') %\
-                    hostname
-            if errnum in ssl_error:
-                text += _('\nSSL Error: <b>%s</b>') % ssl_error[errnum]
-            else:
-                text += _('\nUnknown SSL error: %d') % errnum
-            self.dispatch('SSL_ERROR', (text, errnum, con.Connection.ssl_cert_pem,
-                    con.Connection.ssl_fingerprint_sha1))
-            return True
+        errnum = con.Connection.ssl_errnum
+        for er in errnum:
+            if er > 0 and str(errnum) not in gajim.config.get_per('accounts',
+                    self.name, 'ignore_ssl_errors').split():
+                if er in ssl_error:
+                    text += _('\nSSL Error: <b>%s</b>') % ssl_error[er]
+                else:
+                    text += _('\nUnknown SSL error: %d') % er
+                gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
+                    error_text=text, error_num=er,
+                    cert=con.Connection.ssl_cert_pem,
+                    fingerprint=con.Connection.ssl_fingerprint_sha1,
+                    certificate=con.Connection.ssl_certificate))
+                return True
         if hasattr(con.Connection, 'ssl_fingerprint_sha1'):
             saved_fingerprint = gajim.config.get_per('accounts', self.name, 'ssl_fingerprint_sha1')
             if saved_fingerprint:
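Review bot: `text += _('\nSSL Error: <b>%s</b>') % ssl_error[er]` and the `else` branch below it use `text` before it is assigned — the removed line `text = _('The authenticity of the %s certificate could be invalid.') % hostname` has no replacement — so unless `text` is bound earlier in this method (its start is outside the hunk) the first reported error raises `UnboundLocalError`. The ignore check is also wrong at the element level: `str(errnum) not in ... .split()` stringifies the whole sequence, so a configured error number never matches; it should be `if er > 0 and str(er) not in gajim.config.get_per('accounts',`. Dropping the old `try/except AttributeError` around `con.Connection.ssl_errnum` means a connection whose TLS layer never ran the callback now raises instead of falling through, and the `return True` inside the loop reports only the first error. `SSLErrorEvent` and `con.Connection.ssl_certificate` are not defined anywhere in this diff; the method continues past the hunk.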