Index: src/OFTLSStream.h
==================================================================
--- src/OFTLSStream.h
+++ src/OFTLSStream.h
@@ -31,11 +31,21 @@
  */
 typedef enum {
 	/** @brief An unknown error. */
 	OFTLSStreamErrorCodeUnknown,
 	/** @brief Initialization of the TLS context failed. */
-	OFTLSStreamErrorCodeInitializationFailed
+	OFTLSStreamErrorCodeInitializationFailed,
+	/** @brief Verification of the certificate failed. */
+	OFTLSStreamErrorCodeCertificateVerificationFailed,
+	/** @brief The certificate has an untrusted or unknown issuer. */
+	OFTLSStreamErrorCodeCertificateIssuerUntrusted,
+	/** @brief The certificate is for a different name. */
+	OFTLSStreamErrorCodeCertificateNameMismatch,
+	/** @brief The certificate has expired or is not yet valid. */
+	OFTLSStreamErrorCodeCertificatedExpired,
+	/** @brief The certificate has been revoked. */
+	OFTLSStreamErrorCodeCertificateRevoked
 } OFTLSStreamErrorCode;
 
 /**
  * @protocol OFTLSStreamDelegate OFTLSStream.h ObjFW/ObjFW.h
  *

Index: src/OFTLSStream.m
==================================================================
--- src/OFTLSStream.m
+++ src/OFTLSStream.m
@@ -51,10 +51,20 @@
 OFTLSStreamErrorCodeDescription(OFTLSStreamErrorCode errorCode)
 {
 	switch (errorCode) {
 	case OFTLSStreamErrorCodeInitializationFailed:
 		return @"Initialization of TLS context failed";
+	case OFTLSStreamErrorCodeCertificateVerificationFailed:
+		return @"Verification of the certificate failed";
+	case OFTLSStreamErrorCodeCertificateIssuerUntrusted:
+		return @"The certificate has an untrusted or unknown issuer";
+	case OFTLSStreamErrorCodeCertificateNameMismatch:
+		return @"The certificate is for a different name";
+	case OFTLSStreamErrorCodeCertificatedExpired:
+		return @"The certificate has expired or is not yet valid";
+	case OFTLSStreamErrorCodeCertificateRevoked:
+		return @"The certificate has been revoked";
 	default:
 		return @"Unknown error";
 	}
 }