diff --git a/include/freerdp/crypto/tls.h b/include/freerdp/crypto/tls.h
index 180007e5e..3de9f93c0 100644
--- a/include/freerdp/crypto/tls.h
+++ b/include/freerdp/crypto/tls.h
@@ -81,6 +81,7 @@ struct rdp_tls
 int port;
 int alertLevel;
 int alertDescription;
+ BOOL isGatewayTransport;
 };
 FREERDP_API int tls_connect(rdpTls* tls, BIO *underlying);
diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
index f0ad69183..093ae33f7 100644
--- a/libfreerdp/core/transport.c
+++ b/libfreerdp/core/transport.c
@@ -268,6 +268,8 @@ BOOL transport_connect_tls(rdpTransport* transport)
 if (targetTls->port == 0)
 targetTls->port = 3389;
+ targetTls->isGatewayTransport = FALSE;
+
 tls_status = tls_connect(targetTls, targetBio);
 if (tls_status < 1)
@@ -404,6 +406,8 @@ BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16
 transport->TlsIn->hostname = transport->TlsOut->hostname = settings->GatewayHostname;
 transport->TlsIn->port = transport->TlsOut->port = settings->GatewayPort;
+ transport->TlsIn->isGatewayTransport = TRUE;
+
 tls_status = tls_connect(transport->TlsIn, transport->TcpIn->bufferedBio);
 if (tls_status < 1)
@@ -422,6 +426,8 @@ BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16
 return FALSE;
 }
+ transport->TlsOut->isGatewayTransport = TRUE;
+
 tls_status = tls_connect(transport->TlsOut, transport->TcpOut->bufferedBio);
 if (tls_status < 1)
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 36e99f2c2..9e604a90a 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
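Review bot: The new `isGatewayTransport` member of `struct rdp_tls` carries no comment saying what it means or who sets it, even though its value is now handed to the application's VerifyX509Certificate callback in the tls.c hunk of this same commit. Suggest `BOOL isGatewayTransport; /* TRUE for the TLS sessions to the RD Gateway (set by transport_tsg_connect), FALSE for the direct target-server session */`. Because tls_new() obtains the struct with calloc (visible in the tls.c hunk), the field reads FALSE on any connection path this commit does not touch, so such a session would be reported to the callback as a non-gateway transport; stating that default in the comment makes clear it is intended rather than an omission.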
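Review bot: In transport_tsg_connect the two gateway flags are set in separate places — `transport->TlsIn->isGatewayTransport = TRUE;` before the TlsIn connect and `transport->TlsOut->isGatewayTransport = TRUE;` in the following hunk before the TlsOut connect — whereas the hostname and port of both legs are configured together just above with chained assignments. Writing `transport->TlsIn->isGatewayTransport = transport->TlsOut->isGatewayTransport = TRUE;` next to those two lines keeps every gateway-specific setting of the two rdpTls objects in one place and removes the reliance on each flag being assigned before its own tls_connect call. The explicit `targetTls->isGatewayTransport = FALSE;` in transport_connect_tls duplicates the zeroing done by calloc in tls_new, but it is harmless and documents intent at the call site. Both functions begin and end outside the hunks shown.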
@@ -591,7 +591,7 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname, int por
 if (instance->VerifyX509Certificate)
 {
- status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, 0);
+ status = instance->VerifyX509Certificate(instance, pemCert, length, hostname, port, tls->isGatewayTransport);
 }
 fprintf(stderr, "%s: (length = %d) status: %d\n%s\n", __FUNCTION__, length, status, pemCert);
@@ -798,7 +798,8 @@ rdpTls* tls_new(rdpSettings* settings)
 {
 rdpTls* tls;
- tls = (rdpTls *)calloc(1, sizeof(rdpTls));
+ tls = (rdpTls*) calloc(1, sizeof(rdpTls));
+
 if (!tls)
 return NULL;
@@ -807,11 +808,13 @@ rdpTls* tls_new(rdpSettings* settings)
 tls->settings = settings;
 tls->certificate_store = certificate_store_new(settings);
+
 if (!tls->certificate_store)
 goto out_free;
 tls->alertLevel = TLS_ALERT_LEVEL_WARNING;
 tls->alertDescription = TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY;
+
 return tls;
 out_free:
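Review bot: The sixth argument of the `instance->VerifyX509Certificate` call changes from the constant `0` to `tls->isGatewayTransport`, so every existing implementation of that callback now receives a non-zero value for the gateway legs; an implementation that treated the argument as reserved, as a flags word, or ignored it altogether may handle the gateway certificate differently from the target-server one without anyone noticing. The meaning of the argument should be stated at the callback's prototype, which is not part of this diff — e.g. `/* flags: non-zero when the certificate belongs to the RD Gateway rather than the target server */` — and any in-tree implementations should be checked for how they interpret it. `status` is still taken unchanged from whatever the callback returns, so a callback that misreads the new value decides the outcome of the gateway verification. The remainder of tls_verify_certificate lies outside the hunk.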