Index: packages/fcl-net/src/sslsockets.pp
===================================================================
--- packages/fcl-net/src/sslsockets.pp	(revision 46535)
+++ packages/fcl-net/src/sslsockets.pp	(working copy)
@@ -27,7 +27,7 @@
 Type
   ESSLSocketError = Class(ESocketError);
   TSSLSocketHandler = class;
-  TVerifyCertificateEvent = Procedure(Sender : TObject; Allow : Boolean) of object;
+  TVerifyCertificateEvent = Procedure(Sender : TObject; var Allow : Boolean) of object;
   TSSLSocketHandlerClass = class of TSSLSocketHandler;
 
   { TSSLSocketHandler }
@@ -50,7 +50,7 @@
     Class Var FDefaultHandlerClass : TSSLSocketHandlerClass;
   protected
     Procedure SetSSLActive(aValue : Boolean);
-    function DoVerifyCert: boolean;
+    function DoVerifyCert: boolean; virtual;  // if event define's change not accceptable, suggest to set virtual
   public
     constructor Create; override;
     Destructor Destroy; override;
Index: packages/openssl/src/fpopenssl.pp
===================================================================
--- packages/openssl/src/fpopenssl.pp	(revision 46535)
+++ packages/openssl/src/fpopenssl.pp	(working copy)
@@ -102,7 +102,7 @@
     function PeerSubject : String;
     Function PeerIssuer : String;
     Function PeerSerialNo : Integer;
-    Function PeerFingerprint : String;
+    Function PeerFingerprint(const name: string = 'MD5') : String;
     Function CertInfo : String;
     function CipherName: string;
     function CipherBits: integer;
@@ -737,7 +737,7 @@
   end;
 end;
 
-Function TSSL.PeerFingerprint: String;
+Function TSSL.PeerFingerprint(const name: string): String;
 var
   C : PX509;
   L : integer;
@@ -750,7 +750,7 @@
   try
     Result:=StringOfChar(#0,EVP_MAX_MD_SIZE);
     L:=0;
-    X509Digest(C,EvpGetDigestByName('MD5'),Result,L);
+    X509Digest(C,EvpGetDigestByName(name),Result,L);
     SetLength(Result,L);
   finally
     X509Free(C);
Index: packages/openssl/src/opensslsockets.pp
===================================================================
--- packages/openssl/src/opensslsockets.pp	(revision 46535)
+++ packages/openssl/src/opensslsockets.pp	(working copy)
@@ -39,6 +39,7 @@
     // Result of last CheckSSL call.
     Function SSLLastError: integer;
     property SSLLastErrorString: string read FSSLLastErrorString write SetSSLLastErrorString;
+    property SSL: TSSL read FSSL; // allow more lower level info and control
   end;
 
 implementation
@@ -78,9 +79,11 @@
      if SendHostAsSNI  and (Socket is TInetSocket) then
        FSSL.Ctrl(SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,PAnsiChar(AnsiString((Socket as TInetSocket).Host)));
      Result:=CheckSSL(FSSL.Connect);
-     if Result and VerifyPeerCert then
-       Result:=(FSSL.VerifyResult<>0) or (not DoVerifyCert);
+     //if Result and VerifyPeerCert then
+     //  Result:=(FSSL.VerifyResult<>0) or (not DoVerifyCert);
      if Result then
+       Result:= DoVerifyCert;
+     if Result then
        SetSSLActive(True);
      end;
     end;