diff --git a/include/freerdp/crypto/tls.h b/include/freerdp/crypto/tls.h
index 09ff7a3a0..4c1be79bf 100644
--- a/include/freerdp/crypto/tls.h
+++ b/include/freerdp/crypto/tls.h
@@ -64,7 +64,7 @@ FREERDP_API int tls_wait_read(rdpTls* tls);
 FREERDP_API int tls_wait_write(rdpTls* tls);
 FREERDP_API BOOL tls_match_hostname(char *pattern, int pattern_length, char *hostname);
-FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname);
+FREERDP_API BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port);
 FREERDP_API void tls_print_certificate_error(char* hostname, char* fingerprint, char* hosts_file);
 FREERDP_API void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count);
diff --git a/include/freerdp/freerdp.h b/include/freerdp/freerdp.h
index 28064c27e..1f769af95 100644
--- a/include/freerdp/freerdp.h
+++ b/include/freerdp/freerdp.h
@@ -61,7 +61,7 @@ typedef void (*pPostDisconnect)(freerdp* instance);
 typedef BOOL (*pAuthenticate)(freerdp* instance, char** username, char** password, char** domain);
 typedef BOOL (*pVerifyCertificate)(freerdp* instance, char* subject, char* issuer, char* fingerprint);
 typedef BOOL (*pVerifyChangedCertificate)(freerdp* instance, char* subject, char* issuer, char* new_fingerprint, char* old_fingerprint);
-typedef int (*pVerifyX509Certificate)(freerdp* instance, BYTE* data, int length, DWORD flags);
+typedef int (*pVerifyX509Certificate)(freerdp* instance, BYTE* data, int length, const char* hostname, int port, DWORD flags);
 typedef int (*pLogonErrorInfo)(freerdp* instance, UINT32 data, UINT32 type);
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 19dda77c6..2d62e9386 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -111,6 +111,7 @@ BOOL tls_connect(rdpTls* tls)
 long options = 0;
 int connection_status;
 char *hostname;
+ int port;
 tls->ctx = SSL_CTX_new(TLSv1_client_method());
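Review bot: The new pVerifyX509Certificate typedef in include/freerdp/freerdp.h takes `const char* hostname`, while the tls_verify_certificate prototype in include/freerdp/crypto/tls.h (same commit) keeps `char* hostname`; making the library signature `const char* hostname` as well would give the public API one consistent const contract, since tls_verify_certificate never needs to write through it to forward it to the callback. The typedef also says nothing about what the new parameters carry; I would add above it `/* hostname/port: the endpoint the TLS session was opened to (gateway when GatewayEnabled, otherwise the server), so the callback can verify or pin the certificate against that endpoint; data/length: the certificate buffer handed to the callback */` — the gateway/server wording comes from the tls_connect hunk in libfreerdp/crypto/tls.c, and whether the buffer is PEM is only suggested by the `pemCert` name there, so confirm before documenting it. Because this is a public callback type, every application that still installs a four-argument handler will now be invoked with a mismatched argument list, which is undefined behavior rather than a compile error where the assignment goes through a cast; that deserves an explicit API-change note in the changelog.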
@@ -214,11 +215,17 @@ BOOL tls_connect(rdpTls* tls)
 }
 if (tls->settings->GatewayEnabled)
+ {
 hostname = tls->settings->GatewayHostname;
+ port = tls->settings->GatewayPort;
+ }
 else
+ {
 hostname = tls->settings->ServerHostname;
+ port = tls->settings->ServerPort;
+ }
- if (!tls_verify_certificate(tls, cert, hostname))
+ if (!tls_verify_certificate(tls, cert, hostname, port))
 {
 fprintf(stderr, "tls_connect: certificate not trusted, aborting.\n");
 tls_disconnect(tls);
@@ -568,7 +575,7 @@ BOOL tls_match_hostname(char *pattern, int pattern_length, char *hostname)
 return FALSE;
 }
-BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
+BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int port)
 {
 int match;
 int index;
@@ -651,7 +658,7 @@ BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
 if (instance->VerifyX509Certificate)
 {
- status = instance->VerifyX509Certificate(instance, pemCert, length, 0);
+ status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, 0);
 }
 fprintf(stderr, "VerifyX509Certificate: (length = %d) status: %d\n%s\n",
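Review bot: The new `port` parameter on tls_verify_certificate (hunk at -568) is undocumented, and its meaning is only recoverable from the caller in the -214 hunk, where it is GatewayPort when GatewayEnabled and ServerPort otherwise; the same applies to the -651 hunk, where the pair is forwarded unchanged to the application's VerifyX509Certificate callback. I would add above the definition: `/* hostname/port: the endpoint this TLS session was opened to (gateway or server); they are only passed through to the application's VerifyX509Certificate callback so it can verify or pin the certificate against that endpoint. */`. In the -214 hunk, settings->GatewayPort and settings->ServerPort are stored into an `int port`; if those rdpSettings fields are unsigned (they appear to be UINT32), the narrowing is harmless for valid port values but an explicit `(int)` cast would keep -Wconversion quiet and document the intent. The enclosing tls_connect and tls_verify_certificate bodies continue outside these hunks.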