2 files changed, 4 insertions, 6 deletions

diff --git a/src/gmcerts.c b/src/gmcerts.c
index 9073f2e7..36fd7d55 100644
--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -457,10 +457,8 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls
         return iFalse;
     }
     /* We trust CA verification implicitly. */
-    const iBool isCATrusted = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus);
-    if (!verifyDomain_GmCerts(cert, domain)) {
-        return iFalse;
-    }
+    const iBool isCATrusted   = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus);
+    const iBool isDomainValid = verifyDomain_GmCerts(cert, domain);
     /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
     /* Good certificate. If not already trusted, add it now. */
     iDate until;
@@ -470,7 +468,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls
     init_String(&key);
     makeTrustKey_(domain, port, &key);
     lock_Mutex(d->mtx);
-    iBool ok = !isExpired_TlsCertificate(cert);
+    iBool ok = isDomainValid && !isExpired_TlsCertificate(cert);
     iTrustEntry *trust = value_StringHash(d->trusted, &key);
     if (trust) {
         /* We already have it, check if it matches the one we trust for this domain (if it's
diff --git a/src/ui/documentwidget.c b/src/ui/documentwidget.c
index 60662b03..41ca1d7f 100644
--- a/src/ui/documentwidget.c
+++ b/src/ui/documentwidget.c
@@ -2836,7 +2836,7 @@ static iBool handleCommand_DocumentWidget_(iDocumentWidget *d, const char *cmd)
         const iBool haveFingerprint = (d->certFlags & haveFingerprint_GmCertFlag) != 0;
         const iBool canTrust =
             (d->certFlags == (available_GmCertFlag | haveFingerprint_GmCertFlag |
-                              timeVerified_GmCertFlag | domainVerified_GmCertFlag));
+                              timeVerified_GmCertFlag /* | domainVerified_GmCertFlag*/));
         const iRecentUrl *recent = findUrl_History(d->mod.history, d->mod.url);
         const iString *meta = &d->sourceMime;
         if (recent && recent->cachedResponse) {