Diffstat (limited to 'netlib')
-rw-r--r--netlib/certutils.py2
-rw-r--r--netlib/tcp.py11
2 files changed, 9 insertions, 4 deletions
diff --git a/netlib/certutils.py b/netlib/certutils.py
index c699af00..cc143a50 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -304,8 +304,6 @@ class CertStore(object):
valid, plain-ASCII, IDNA-encoded domain name.
sans: A list of Subject Alternate Names.
-
- Return None if the certificate could not be found or generated.
"""
potential_keys = self.asterisk_forms(commonname)
diff --git a/netlib/tcp.py b/netlib/tcp.py
index 5c4094d7..77c2a531 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -65,6 +65,10 @@ class NetLibSSLError(NetLibError):
pass
+class NetLibInvalidCertificateError(NetLibSSLError):
+ pass
+
+
class SSLKeyLogger(object):
def __init__(self, filename):
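Review bot: NetLibInvalidCertificateError is added with a bare `pass` and no docstring, so nothing tells a caller when it is raised or how it differs from its parent NetLibSSLError. A one-line docstring in place of `pass` would cover it: `"""Raised when the TLS handshake fails because the peer certificate did not verify."""`. Callers are likely to make trust decisions on this type, so the contract should be stated where the class is defined.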
@@ -517,13 +521,16 @@ class TCPClient(_Connection):
try:
self.connection.do_handshake()
except SSL.Error as v:
- raise NetLibError("SSL handshake error: %s" % repr(v))
+ if self.ssl_verification_error:
+ raise NetLibInvalidCertificateError("SSL handshake error: %s" % repr(v))
+ else:
+ raise NetLibError("SSL handshake error: %s" % repr(v))
# Fix for pre v1.0 OpenSSL, which doesn't throw an exception on
# certificate validation failure
verification_mode = sslctx_kwargs.get('verify_options', None)
if self.ssl_verification_error is not None and verification_mode == SSL.VERIFY_PEER:
- raise NetLibError("SSL handshake error: certificate verify failed")
+ raise NetLibInvalidCertificateError("SSL handshake error: certificate verify failed")
self.ssl_established = True
self.cert = certutils.SSLCert(self.connection.get_peer_certificate())
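Review bot: The new check `if self.ssl_verification_error:` tests truthiness, while the fallback a few lines below tests `is not None`. If the verify callback ever stores a falsy value, a certificate failure would surface as a plain NetLibError and callers branching on NetLibInvalidCertificateError would miss it; `if self.ssl_verification_error is not None:` keeps the two paths consistent. The else branch still raises NetLibError rather than NetLibSSLError, so `except NetLibSSLError` now catches certificate failures but not other handshake errors, which may be deliberate for compatibility but deserves a comment. The unchanged guard `verification_mode == SSL.VERIFY_PEER` compares by equality, so a `verify_options` value that combines VERIFY_PEER with other flags would presumably skip the pre-1.0 fallback; confirm what callers pass. The enclosing method starts and ends outside the hunk, including the place where ssl_verification_error is set and reset.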