At the moment it seems that the callback on SSL_CTX_set_verify is being set to NULL : pjproject/pjlib/src/pj/ssl_sock_ossl.c 469: SSL_CTX_set_verify(ctx, mode, NULL); pjproject/pjsip/src/pjsip/sip_transport_tls_ossl.c 460: SSL_CTX_set_verify(ctx, mode, NULL); However, I think one could make a great use of it if it were available from the client (ie. the "implementer"). The use case of particular interest for me is to give the user the ability to see information and to get notified when a server certificate is received (just as Firefox or any browser does). Also, if the client does not already have the required CA files installed locally on her computer, that might be just enough to "confirm" the process. I don't how you (Benny) feel about "leaking" some of OpenSSL in the library, but considering its widespread use, I don't see much of a problem with this. Thank you, Pierre-Luc Bacon
