Index: src/tls/OFGnuTLSTLSStream.m ================================================================== --- src/tls/OFGnuTLSTLSStream.m +++ src/tls/OFGnuTLSTLSStream.m @@ -316,15 +316,25 @@ return true; } if (status == GNUTLS_E_SUCCESS) _handshakeDone = true; - else + else { + OFTLSStreamErrorCode errorCode = + OFTLSStreamErrorCodeUnknown; + + if (status == GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR) + errorCode = certificateStatusToErrorCode( + gnutls_session_get_verify_cert_status( + _session)); + + /* FIXME: Map to better errors */ exception = [OFTLSHandshakeFailedException exceptionWithStream: self host: _host - errorCode: OFTLSStreamErrorCodeUnknown]; + errorCode: errorCode]; + } } if ([_delegate respondsToSelector: @selector(stream:didPerformClientHandshakeWithHost:exception:)]) [_delegate stream: self @@ -359,15 +369,25 @@ } } if (status == GNUTLS_E_SUCCESS) _handshakeDone = true; - else + else { + OFTLSStreamErrorCode errorCode = + OFTLSStreamErrorCodeUnknown; + + if (status == GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR) + errorCode = certificateStatusToErrorCode( + gnutls_session_get_verify_cert_status( + _session)); + + /* FIXME: Map to better errors */ exception = [OFTLSHandshakeFailedException exceptionWithStream: self host: _host - errorCode: OFTLSStreamErrorCodeUnknown]; + errorCode: errorCode]; + } } if ([_delegate respondsToSelector: @selector(stream:didPerformClientHandshakeWithHost:exception:)]) [_delegate stream: self
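Review bot: In the new `else` branch (both hunks, which are line-for-line identical), the value returned by `gnutls_session_get_verify_cert_status(_session)` is a bitmask, and GnuTLS normally sets `GNUTLS_CERT_INVALID` together with the specific reason bits. `certificateStatusToErrorCode` is defined outside this diff, so it is worth confirming that it tests individual bits rather than comparing the whole value; otherwise most certificate failures will still surface as `OFTLSStreamErrorCodeUnknown`. The getter only reports a result when verification was enabled through `gnutls_session_set_verify_cert()` or `gnutls_session_set_verify_cert2()`, which presumably happens elsewhere in the file, and a one-line comment stating that dependency would help. The ten added lines are duplicated across the two handshake paths; a small static helper such as `handshakeStatusToErrorCode(_session, status)` would keep the mapping still owed by `/* FIXME: Map to better errors */` in one place. The enclosing methods start and end outside both hunks.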