Index: lisp/ChangeLog
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/ChangeLog,v
retrieving revision 7.1674
diff -u -r7.1674 ChangeLog
--- lisp/ChangeLog	25 Nov 2007 18:25:12 -0000	7.1674
+++ lisp/ChangeLog	27 Nov 2007 11:02:51 -0000
@@ -1,3 +1,9 @@
+2007-11-27  Elias Oltmanns  <eo@nebensachen.de>
+
+	* tls.el: (open-tls-stream): Actually consult tls-checktrust to see if
+	certs should be verified and what is to be done in the event of a
+	verification failure.
+
 2007-11-25  Romain Francoise  <romain@orebokech.com>
 
 	* gnus-msg.el (gnus-summary-reply): Delete extra paren.
Index: lisp/tls.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/tls.el,v
retrieving revision 7.18
diff -u -r7.18 tls.el
--- lisp/tls.el	25 Nov 2007 14:17:03 -0000	7.18
+++ lisp/tls.el	27 Nov 2007 11:02:52 -0000
@@ -229,12 +229,15 @@
 	(set-buffer buffer)
 	(when
 	    (or
-	     (and tls-untrusted
+	     (and tls-checktrust
 		  (progn
 		    (goto-char (point-min))
 		    (re-search-forward tls-untrusted nil t))
-		  (not (yes-or-no-p
-			(format "The certificate presented by `%s' is NOT trusted. Accept anyway? " host))))
+		  (or 
+		   (and (not (eq tls-checktrust 'ask))
+			(message "The certificate presented by `%s' is NOT trusted." host))
+		   (not (yes-or-no-p
+			 (format "The certificate presented by `%s' is NOT trusted. Accept anyway? " host)))))
 	     (and tls-hostmismatch
 		  (progn
 		    (goto-char (point-min))