These 4 patches i just sent there implement SHA256 fingerprint option "ssl_sha256". It can be used to implement "trust on first use" policy for self-signed certificates for servers that don't provide full certificate chain. When it is impossible to retrieve CA certificate, you can still trust the certificate itself by its fingerprint.
Fingerprint is checked only if ssl_sha256 option is present in the config file. Other options, such as ssl_verify, are not affected. Connection is established only if all requested checks pass. weechat has similar option called "ssl_fingerprint"
