Index: lynx-cur-2.8.8dev.12/WWW/Library/Implementation/HTTP.c
===================================================================
--- lynx-cur-2.8.8dev.12.orig/WWW/Library/Implementation/HTTP.c 2012-11-07 17:06:22.000000000 -0600
+++ lynx-cur-2.8.8dev.12/WWW/Library/Implementation/HTTP.c 2012-11-07 17:38:56.000000000 -0600
@@ -764,17 +764,21 @@
 #endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */
 }
 #ifdef USE_GNUTLS_INCL
+ gnutls_certificate_set_verify_flags(handle->gnutls_cred,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME |
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 ret = gnutls_certificate_verify_peers2(handle->gnutls_state, &tls_status);
- if (ret < 0) {
+ if (ret < 0 || (ret == 0 &&
+ tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND)) {
 int flag_continue = 1;
 char *msg2;
- if (tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
+ if (ret == 0 && tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
+ msg2 = gettext("self signed certificate");
+ } else if (tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
 msg2 = gettext("no issuer was found");
 } else if (tls_status & GNUTLS_CERT_SIGNER_NOT_CA) {
 msg2 = gettext("issuer is not a CA");
- } else if (tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
- msg2 = gettext("the certificate has no known issuer");
 } else if (tls_status & GNUTLS_CERT_REVOKED) {
 msg2 = gettext("the certificate has been revoked");
 } else {
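Review bot: The widened condition still lets a peer certificate through unprompted when `gnutls_certificate_verify_peers2()` returns 0 with any status bit other than `GNUTLS_CERT_SIGNER_NOT_FOUND` set, because a 0 return only means the verification ran and the verdict is carried in `tls_status`. As written, the `GNUTLS_CERT_SIGNER_NOT_CA` and `GNUTLS_CERT_REVOKED` branches further down are reached only when `ret < 0`, a case in which `tls_status` may not have been filled in at all. Testing the whole status word closes that gap: `if (ret < 0 || tls_status != 0) {`. The first inner branch would also read more safely with explicit parentheses, `if (ret == 0 && (tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND)) {`, and its "self signed certificate" text overstates what that bit reports, which is only that no trusted issuer was found. The enclosing function and the final `else` continue outside the hunk, so how `flag_continue` is consumed cannot be checked from here.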