diff --git a/include/mysql.h b/include/mysql.h
index 1d30486a..6c84a462 100644
--- a/include/mysql.h
+++ b/include/mysql.h
@@ -500,7 +500,6 @@ typedef struct
 char fingerprint[65];
 struct tm not_before;
 struct tm not_after;
- enum mariadb_tls_verification verify_mode;
 } MARIADB_X509_INFO;
diff --git a/libmariadb/ma_pvio.c b/libmariadb/ma_pvio.c
index e18af51e..df7e4826 100644
--- a/libmariadb/ma_pvio.c
+++ b/libmariadb/ma_pvio.c
@@ -550,12 +550,6 @@ static my_bool ignore_self_signed_cert_error(MARIADB_PVIO *pvio)
 int i;
 if (pvio->type != PVIO_TYPE_SOCKET)
 {
- pvio->ctls->cert_info.verify_mode=
-#ifdef WIN32
- MARIADB_VERIFY_PIPE;
-#else
- MARIADB_VERIFY_UNIXSOCKET;
-#endif
 return TRUE;
 }
 if (!hostname)
@@ -564,7 +558,6 @@ static my_bool ignore_self_signed_cert_error(MARIADB_PVIO *pvio)
 {
 if (strcmp(hostname, local_host_names[i]) == 0)
 {
- pvio->ctls->cert_info.verify_mode= MARIADB_VERIFY_LOCALHOST;
 return TRUE;
 }
 }
@@ -597,8 +590,6 @@ my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio)
 !pvio->mysql->net.tls_self_signed_error &&
 ma_pvio_tls_verify_server_cert(pvio->ctls))
 return 1;
- else
- pvio->ctls->cert_info.verify_mode= MARIADB_VERIFY_PEER_CERT;
 if (pvio->mysql->options.extension && ((pvio->mysql->options.extension->tls_fp && pvio->mysql->options.extension->tls_fp[0]) ||
@@ -608,8 +599,8 @@ my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio)
 pvio->mysql->options.extension->tls_fp,
 pvio->mysql->options.extension->tls_fp_list))
 return 1;
- pvio->ctls->cert_info.verify_mode= MARIADB_VERIFY_FINGERPRINT;
 reset_tls_self_signed_error(pvio->mysql); // validated
+ return 0;
 }
 if (pvio->mysql->net.tls_self_signed_error &&
 ignore_self_signed_cert_error(pvio))
diff --git a/libmariadb/secure/gnutls.c b/libmariadb/secure/gnutls.c
index 0d40746e..5fcd1e92 100644
--- a/libmariadb/secure/gnutls.c
+++ b/libmariadb/secure/gnutls.c
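Review bot: The added `return 0;` makes the fingerprint branch leave `ma_pvio_start_ssl` immediately after `reset_tls_self_signed_error(pvio->mysql);`, so whatever follows the self-signed check at the end of the function (outside this hunk) no longer runs for fingerprint-pinned connections; confirm nothing required on that path lives there. A matching pinned fingerprint is used here to clear an earlier self-signed-certificate error, which appears to be the intended pinning semantics, but that decision deserves a comment where the error is cleared, e.g. `// A matching pinned fingerprint overrides the self-signed error: the peer key itself was checked.` instead of the bare `// validated`. The body of `ma_pvio_start_ssl` continues beyond the hunk.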
@@ -1173,8 +1173,6 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
 MYSQL *mysql= (MYSQL *)gnutls_session_get_ptr(ssl);
 MARIADB_PVIO *pvio;
 int ret;
- const gnutls_datum_t *cert_list;
- unsigned int list_size= 0;
 if (!mysql)
 return 1;
@@ -1217,6 +1215,48 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
 }
 ctls->ssl= (void *)ssl;
+ return 0;
+}
+
+ssize_t ma_tls_write_async(MARIADB_PVIO *pvio, const uchar *buffer, size_t length)
+{
+ ssize_t res;
+ struct mysql_async_context *b= pvio->mysql->options.extension->async_context;
+ MARIADB_TLS *ctls= pvio->ctls;
+
+ for (;;)
+ {
+ b->events_to_wait_for= 0;
+ res= gnutls_record_send((gnutls_session_t)ctls->ssl, (void *)buffer, length);
+ if (res > 0)
+ return res;
+ if (res == GNUTLS_E_AGAIN)
+ b->events_to_wait_for|= MYSQL_WAIT_WRITE;
+ else
+ return res;
+ if (b->suspend_resume_hook)
+ (*b->suspend_resume_hook)(TRUE, b->suspend_resume_hook_user_data);
+ my_context_yield(&b->async_context);
+ if (b->suspend_resume_hook)
+ (*b->suspend_resume_hook)(FALSE, b->suspend_resume_hook_user_data);
+ }
+}
+
+unsigned int ma_tls_get_peer_cert_info(MARIADB_TLS *ctls)
+{
+ const gnutls_datum_t *cert_list;
+ gnutls_session_t ssl;
+ unsigned int list_size= 0;
+
+ if (!ctls || !ctls->ssl)
+ return 1;
+
+ if (!(ssl = (gnutls_session_t)ctls->ssl))
+ return 1;
+
+ if (ctls->cert_info.version)
+ return 0; /* already loaded */
+
 /* retrieve peer certificate information */
 if ((cert_list= gnutls_certificate_get_peers(ssl, &list_size)))
 {
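Review bot: `ma_tls_connect` now returns right after `ctls->ssl= (void *)ssl;`, so `ctls->cert_info` is no longer populated during the handshake, and this diff introduces `ma_tls_get_peer_cert_info` without showing any caller — anything that reads `cert_info` straight after connect (fingerprint checks, `MARIADB_TLS_PEER_CERT_INFO`) will see an unfilled struct unless it now calls the new function first. The second guard `if (!(ssl = (gnutls_session_t)ctls->ssl)) return 1;` can never fail after `if (!ctls || !ctls->ssl) return 1;`; keep one of them and fold the assignment into it. The cache test `if (ctls->cert_info.version) return 0;` assumes `version` is reset whenever the session changes — confirm that reconnects clear `cert_info`, otherwise a later call can hand back the previous peer's data. A header comment would help, e.g. `/* Loads the peer certificate into ctls->cert_info (cached once version is set). Returns 0 on success, 1 if there is no session or no peer certificate. */`. The body of `ma_tls_get_peer_cert_info` continues past the hunk.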
@@ -1251,32 +1291,9 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
 mysql_hex_string(ctls->cert_info.fingerprint, fp, 32);
 }
 gnutls_x509_crt_deinit(cert);
+ return 0;
 }
- return 0;
-}
-
-ssize_t ma_tls_write_async(MARIADB_PVIO *pvio, const uchar *buffer, size_t length)
-{
- ssize_t res;
- struct mysql_async_context *b= pvio->mysql->options.extension->async_context;
- MARIADB_TLS *ctls= pvio->ctls;
-
- for (;;)
- {
- b->events_to_wait_for= 0;
- res= gnutls_record_send((gnutls_session_t)ctls->ssl, (void *)buffer, length);
- if (res > 0)
- return res;
- if (res == GNUTLS_E_AGAIN)
- b->events_to_wait_for|= MYSQL_WAIT_WRITE;
- else
- return res;
- if (b->suspend_resume_hook)
- (*b->suspend_resume_hook)(TRUE, b->suspend_resume_hook_user_data);
- my_context_yield(&b->async_context);
- if (b->suspend_resume_hook)
- (*b->suspend_resume_hook)(FALSE, b->suspend_resume_hook_user_data);
- }
+ return 1;
 }
@@ -1435,7 +1452,6 @@ static int my_verify_callback(gnutls_session_t ssl)
 return GNUTLS_E_CERTIFICATE_ERROR;
 }
- return 0;
 }
diff --git a/unittest/libmariadb/connection.c b/unittest/libmariadb/connection.c
index cacf84bb..7886432b 100644
--- a/unittest/libmariadb/connection.c
+++ b/unittest/libmariadb/connection.c
@@ -2335,8 +2335,7 @@ static int test_x509(MYSQL *my __attribute__((unused)))
 return FAIL;
 }
 mariadb_get_infov(mysql1, MARIADB_TLS_PEER_CERT_INFO, &info);
- memset(fp, 0, 65);
- diag("fingerprint: %s", info->fingerprint);
+ memset(fp, 0, sizeof(fp));
 mysql_options(mysql2, MARIADB_OPT_TLS_PEER_FP, info->fingerprint);
 if (!(my_test_connect(mysql2, hostname, username, password, schema, port,
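Review bot: The new `return 1;` after the `if` block covers the no-peer-certificate case, but if any failure inside the block (whose start is outside the hunk) occurs after `ctls->cert_info.version` has been assigned, the partially filled struct is left behind and the `version` check at the top of the function will report it as already loaded on every later call. Consider clearing `ctls->cert_info.version` (or the whole struct) on those failure paths before returning 1, so a failed load is retried rather than cached. The function `ma_tls_get_peer_cert_info` starts before this hunk.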
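Review bot: Dropping `return 0;` leaves `my_verify_callback` with no return statement after the closing brace above; if that brace closes a conditional rather than the final arm of an if/else chain, control can fall off the end of a non-void function and the value GnuTLS reads from the verify callback is undefined, which can turn a handshake that should fail into one that is accepted. Unless every path above already returns, keep an explicit final `return 0;`, or make the fall-through fail closed with `return GNUTLS_E_CERTIFICATE_ERROR;` if no branch has positively verified the peer by that point. The function starts outside the hunk, so this cannot be settled from the diff alone; compiling with `-Wreturn-type` would confirm it.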
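Review bot: `memset(fp, 0, sizeof(fp));` is only equivalent to the old `memset(fp, 0, 65);` if `fp` is declared as an array in `test_x509` (its declaration is outside the hunk); if it is a `char *`, `sizeof(fp)` is the pointer size and the buffer is no longer cleared. Within the hunk `fp` is cleared but never written or read — the fingerprint given to `mysql_options` comes straight from `info->fingerprint` — so either the memset is dead code, or a copy of mysql1's fingerprint into a local buffer (`fp`, or the `fingerprint` compared in the next hunk) went missing along with the removed `diag`. Note that `info` is re-pointed at mysql2's data by the second `mariadb_get_infov(mysql2, ..., &info)`, so mysql1's value has to be saved before that call.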
@@ -2346,7 +2345,12 @@ static int test_x509(MYSQL *my __attribute__((unused)))
 return FAIL;
 }
 mariadb_get_infov(mysql2, MARIADB_TLS_PEER_CERT_INFO, &info);
- FAIL_IF(info->verify_mode != MARIADB_VERIFY_FINGERPRINT, "Fingerprint verification expected");
+
+ if (strcmp(info->fingerprint, fingerprint))
+ {
+ diag("different fingerprints!");
+ return FAIL;
+ }
 mysql_close(mysql1);
 mysql_close(mysql2);
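Review bot: `if (strcmp(info->fingerprint, fingerprint))` replaces the removed `verify_mode` assertion with a check that is trivially satisfied whenever both connections reach the same server, so the test no longer demonstrates that `MARIADB_OPT_TLS_PEER_FP` actually gated the second connection. A negative case would restore that coverage: set the option on a further handle to a value that differs from `info->fingerprint` (a copy with one hex digit changed) and assert that `my_test_connect` fails. `fingerprint` is declared outside the hunk; confirm it holds mysql1's value before this comparison. On the `return FAIL;` path `mysql1` and `mysql2` are not closed, which matches the surrounding style but is worth a `goto` cleanup if the test grows.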