diff --git a/liveMedia/RTSPClient.cpp b/liveMedia/RTSPClient.cpp
index 4062837..450a80c 100644
--- a/liveMedia/RTSPClient.cpp
+++ b/liveMedia/RTSPClient.cpp
@@ -400,7 +400,7 @@ RTSPClient::RTSPClient(UsageEnvironment& env, char const* rtspURL,
     fInputSocketNum(-1), fOutputSocketNum(-1), fBaseURL(NULL), fTCPStreamIdCount(0),
     fLastSessionId(NULL), fSessionTimeoutParameter(0), fRequireStr(NULL),
     fSessionCookieCounter(0), fHTTPTunnelingConnectionIsPending(False),
-    fTLS(*this), fPOSTSocketTLS(*this) {
+    fTLS(*this), fPOSTSocketTLS(*this), fSSLCAFileName(NULL), fSSLVerifyPeer(False) {
   fInputTLS = fOutputTLS = &fTLS; // fOutputTLS will change if we're doing RTSP-over-HTTPS
   setBaseURL(rtspURL);
 
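Review bot: `fSSLVerifyPeer(False)` in the initializer list leaves certificate verification off unless the caller opts in, so a client that never calls the new setters still accepts any server certificate on its TLS connections. If the default has to stay off for compatibility with existing deployments, it deserves a comment at this line, for example `// TLS peer verification is opt-in; call setSSLVerifyPeer(True) before connecting`. The constructor body continues outside the hunk.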
@@ -440,6 +440,7 @@ RTSPClient::~RTSPClient() {
   delete[] fRequireStr;
   delete[] fResponseBuffer;
   delete[] fUserAgentHeaderStr;
+  delete[] fSSLCAFileName;
 }
 
 void RTSPClient::reset() {
@@ -2128,6 +2129,13 @@ void RTSPClient::RequestQueue::reset() {
   fHead = fTail = NULL;
 }
 
+void RTSPClient::setSSLCAFileName(char const* CAFileName) {
+  delete[] fSSLCAFileName; fSSLCAFileName = strDup(CAFileName);
+}
+
+void RTSPClient::setSSLVerifyPeer(Boolean Verify) {
+  fSSLVerifyPeer = Verify;
+}
 
 #ifndef OMIT_REGISTER_HANDLING
 ////////// HandlerServerForREGISTERCommand implementation /////////
diff --git a/liveMedia/TLSState.cpp b/liveMedia/TLSState.cpp
index d143ad4..2e12ab3 100644
--- a/liveMedia/TLSState.cpp
+++ b/liveMedia/TLSState.cpp
@@ -23,7 +23,7 @@ along with this library; if not, write to the Free Software Foundation, Inc.,
 #ifndef NO_OPENSSL
 #include <openssl/err.h>
 #endif
-
+#include <openssl/x509_vfy.h>
 ////////// TLSState implementation //////////
 
 TLSState::TLSState()
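Review bot: The added `#include <openssl/x509_vfy.h>` sits after the `#endif` that closes `#ifndef NO_OPENSSL`, so a build configured with NO_OPENSSL now requires the OpenSSL headers and will most likely fail to compile. Move it inside the guard, directly under `#include <openssl/err.h>`. The change also drops the blank line that separated the includes from the `TLSState implementation` banner, which is worth restoring.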
@@ -132,6 +132,19 @@ int ClientTLSState::connect(int socketNum) {
 }
 
 #ifndef NO_OPENSSL
+
+
+int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
+
+    X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+    int depth = X509_STORE_CTX_get_error_depth(ctx);
+    int err = X509_STORE_CTX_get_error(ctx);
+
+    if (err == X509_V_OK) return 1;
+
+    return 0;
+    }
+
 Boolean ClientTLSState::setup(int socketNum) {
   do {
     initLibrary();
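Review bot: `verify_callback` is defined at file scope with external linkage and a very generic name, so it can collide with a same-named symbol in any program that links this library; declare it `static`. The locals `cert` and `depth` are never used, and `preverify_ok` is ignored. The body appears to reproduce what OpenSSL does when no callback is installed, so either pass `NULL` as the third argument of `SSL_CTX_set_verify` or reduce the body to `return preverify_ok;`. If the callback is kept, the rejection path is the natural place to report `X509_verify_cert_error_string(err)` so that a failed handshake can be diagnosed. `ClientTLSState::setup` continues outside the hunk.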
@@ -142,6 +155,11 @@ Boolean ClientTLSState::setup(int socketNum) {
     fCtx = SSL_CTX_new(meth);
     if (fCtx == NULL) break;
 
+    if ((fClient.fSSLVerifyPeer)) {
+        if (fClient.fSSLCAFileName) SSL_CTX_load_verify_locations(fCtx,fClient.fSSLCAFileName,NULL);
+        SSL_CTX_set_verify(fCtx, SSL_VERIFY_PEER, verify_callback);
+      }
+
     fCon = SSL_new(fCtx);
     if (fCon == NULL) break;
 
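Review bot: `SSL_VERIFY_PEER` only validates the certificate chain, and nothing in this hunk binds the certificate to the server name, so any certificate issued under the configured CA would be accepted for any host. After `SSL_new`, the expected host name should be set with `SSL_set1_host` (OpenSSL 1.1.0 or later); where that name comes from is outside the hunk. The return value of `SSL_CTX_load_verify_locations` is also ignored, and when `fSSLCAFileName` is NULL no trust store is loaded at all, so every handshake would fail with no explanation. The sketch below falls back to the system store and leaves the `do` block on failure; what follows that `break` is not visible here.

```cpp
    if (fClient.fSSLVerifyPeer) {
      // Fail setup when no trust anchors could be loaded, instead of continuing with an empty store
      int const trustLoaded = fClient.fSSLCAFileName != NULL
        ? SSL_CTX_load_verify_locations(fCtx, fClient.fSSLCAFileName, NULL)
        : SSL_CTX_set_default_verify_paths(fCtx);
      if (trustLoaded != 1) break;
      SSL_CTX_set_verify(fCtx, SSL_VERIFY_PEER, verify_callback);
    }

    fCon = SSL_new(fCtx);
    if (fCon == NULL) break;
    // Bind the certificate to the server name (host name source is not visible in this hunk):
    // if (SSL_set1_host(fCon, /* server host name */) != 1) break;
```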
diff --git a/liveMedia/include/RTSPClient.hh b/liveMedia/include/RTSPClient.hh
index f0b54ed..d2e2114 100644
--- a/liveMedia/include/RTSPClient.hh
+++ b/liveMedia/include/RTSPClient.hh
@@ -197,6 +197,9 @@ public:
 
   static unsigned responseBufferSize;
 
+void  setSSLCAFileName(char const* CAFileName);
+void  setSSLVerifyPeer(Boolean Verify);
+
 public: // Some compilers complain if this is "private:"
   // The state of a request-in-progress:
   class RequestRecord {
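Review bot: The two new public setters are declared without any comment and at column 0, unlike the indented members around them. Callers need to know that `ClientTLSState::setup` reads both values when it creates the SSL context, so the setters have to be called before the connection is opened and have no effect on a context that already exists. A suitable comment would be `// Call before connecting: enables server-certificate verification and (optionally) names a PEM file of trusted CAs; the file name is copied`. The enclosing class starts and ends outside the hunk.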
@@ -365,6 +368,8 @@ private:
   ClientTLSState fPOSTSocketTLS; // used only for RTSP-over-HTTPS
   ClientTLSState* fInputTLS;
   ClientTLSState* fOutputTLS;
+  char const* fSSLCAFileName;
+  Boolean fSSLVerifyPeer;
   friend class ClientTLSState;
 };
 
