* Magnus Hagander:
> But no, it wouldn't be bad if there was a way to specify exactly which
> cert is used. Or at least validate the common name of it agains the
> hostname of the server.
SSH-like "leap of faith" authentication would be even better. Store
the certificate on the first connection (together with the domain
name), and refuse subsequent connections if the certificate changes.