@@ -27,10 +27,11 @@
 #import "OFHTTPResponse.h"
 #import "OFOptionsParser.h"
 #import "OFStdIOStream.h"
 #import "OFSystemInfo.h"
 #import "OFTCPSocket.h"
+#import "OFTLSSocket.h"
 #import "OFURL.h"
 #import "OFLocalization.h"
 
 #import "OFAddressTranslationFailedException.h"
 #import "OFConnectionFailedException.h"
@@ -54,11 +55,11 @@
 {
 	OFArray OF_GENERIC(OFString*) *_URLs;
 	size_t _URLIndex;
 	int _errorCode;
 	OFString *_outputPath;
-	bool _continue, _force, _detectFileName, _quiet, _verbose;
+	bool _continue, _force, _detectFileName, _quiet, _verbose, _insecure;
 	OFDataArray *_body;
 	of_http_request_method_t _method;
 	OFMutableDictionary *_clientHeaders;
 	OFHTTPClient *_HTTPClient;
 	char *_buffer;
@@ -100,11 +101,13 @@
 		    @"-P  --proxy          "
 		    @"  Specify SOCKS5 proxy\n    "
 		    @"-q  --quiet          "
 		    @"  Quiet mode (no output, except errors)\n    "
 		    @"-v  --verbose        "
-		    @"  Verbose mode (print headers)\n")];
+		    @"  Verbose mode (print headers)\n    "
+		    @"    --insecure       "
+		    @"  Ignore TLS errors\n")];
 
 	[OFApplication terminateWithStatus: status];
 }
 
 @implementation OFHTTP
@@ -239,10 +242,11 @@
 		{ 'o', @"output", 1, NULL, &outputPath },
 		{ 'O', @"detect-filename", 0, &_detectFileName, NULL },
 		{ 'P', @"socks5-proxy", 1, NULL, NULL },
 		{ 'q', @"quiet", 0, &_quiet, NULL },
 		{ 'v', @"verbose", 0, &_verbose, NULL },
+		{ '\0', @"insecure", 0, &_insecure, NULL },
 		{ '\0', nil, 0, NULL, NULL }
 	};
 	OFOptionsParser *optionsParser = [OFOptionsParser
 	    parserWithOptions: options];
 	of_unichar_t option;
@@ -344,10 +348,19 @@
 	}
 
 	[self performSelector: @selector(downloadNextURL)
 		   afterDelay: 0];
 }
+
+-    (void)client: (OFHTTPClient*)client
+  didCreateSocket: (OF_KINDOF(OFTCPSocket*))socket
+	  request: (OFHTTPRequest*)request
+{
+	if (_insecure && [socket respondsToSelector:
+	    @selector(setCertificateVerificationEnabled:)])
+		[socket setCertificateVerificationEnabled: false];
+}
 
 -	  (bool)client: (OFHTTPClient*)client
   shouldFollowRedirect: (OFURL*)URL
 	    statusCode: (int)statusCode
 	       request: (OFHTTPRequest*)request
@@ -420,13 +433,13 @@
 	} @catch (OFUnsupportedProtocolException *e) {
 		if (!_quiet)
 			[of_stdout writeString: @"\n"];
 
 		[of_stderr writeString: OF_LOCALIZED(@"no_ssl_library",
-		    @"%[prog]: No SSL library loaded!\n"
+		    @"%[prog]: No TLS library loaded!\n"
 		    @"  In order to download via https, you need to preload an "
-		    @"SSL library for ObjFW\n"
+		    @"TLS library for ObjFW\n"
 		    "such as ObjOpenSSL!\n",
 		    @"prog", [OFApplication programName])];
 	} @catch (OFReadOrWriteFailedException *e) {
 		OFString *error = OF_LOCALIZED(
 		    @"download_failed_read_or_write_failed_any",