diff --git a/bip.conf.1 b/bip.conf.1
index ee6ac12..56f0d38 100644
--- a/bip.conf.1
+++ b/bip.conf.1
@@ -283,6 +283,10 @@ the \fBuser section\fP, BIP will use that default realname string.
 \fBsource_port\fP
 If specified, tells BIP to connect from this port to the IRC server.
 
+.TP
+\fBssl_check_mode\fP (default: \fBthe user's option\fP)
+See \fBssl_check_mode\fP option in User options.
+
 .TP
 \fBuser\fP
 BIP will send that string as the user part (usually between ! and @ in a whois
diff --git a/samples/bip.vim b/samples/bip.vim
index f4bcadb..09965e9 100644
--- a/samples/bip.vim
+++ b/samples/bip.vim
@@ -87,7 +87,7 @@ syn keyword	bipCoKeyword	contained nextgroup=bipBoolV ssl follow_nick
 	\ ignore_first_nick
 syn keyword	bipCoKeyword	contained nextgroup=bipStringV name user nick
 	\ network password vhost away_nick on_connect_send realname
-	\ no_client_away_msg
+	\ no_client_away_msg ssl_check_mode
 syn keyword	bipCoKeyword	contained nextgroup=bipNumericV source_port
 no_client_away_msg
 
diff --git a/src/bip.c b/src/bip.c
index 1c0c451..c52383c 100644
--- a/src/bip.c
+++ b/src/bip.c
@@ -373,6 +373,7 @@ static int add_connection(bip_t *bip, struct user *user, list_t *data)
 		list_add_last(&bip->link_list, l);
 		l->user = user;
 		l->log = log_new(user, name);
+		l->ssl_check_mode = user->ssl_check_mode;
 	} else {
 #warning "CODEME (user switch..)"
 		l->network = NULL;
@@ -433,6 +434,15 @@ static int add_connection(bip_t *bip, struct user *user, list_t *data)
 		case LEX_ON_CONNECT_SEND:
 			list_add_last(&l->on_connect_send, t->pdata);
 			break;
+#ifdef HAVE_LIBSSL
+		case LEX_SSL_CHECK_MODE:
+			if (!strncmp(t->pdata, "basic", 5))
+				l->ssl_check_mode = SSL_CHECK_BASIC;
+			if (!strncmp(t->pdata, "ca", 2))
+				l->ssl_check_mode = SSL_CHECK_CA;
+			free(t->pdata);
+			break;
+#endif
 		default:
 			conf_die("unknown keyword in connection statement");
 			if (t->type == TUPLE_STR)
@@ -598,6 +608,14 @@ static int validate_config(bip_t *bip)
 						(!link->realname &&
 						 !user->default_realname))
 					link_kill(bip, link);
+
+				if (link->network->ssl &&
+						!link->ssl_check_mode)
+					conf_die("user %s, connection %s: you "
+						"should define a "
+						"ssl_check_mode.", user->name,
+						link->name);
+
 				//conf_die("user: ... net: ... can i has nick/user/rael");
 				r = 0;
 			}
@@ -611,8 +629,7 @@ static int validate_config(bip_t *bip)
 		}
 	}
 
-#warning CODE ME
-#warning DONE BY KYOSHIRO :p
+#warning CODE ME -> DONE BY KYOSHIRO ?
 #if 0
 	if (conf_backlog && !conf_log) {
 		if (conf_backlog_lines == 0) {
diff --git a/src/conf.y b/src/conf.y
index c58f6a5..f060e05 100644
--- a/src/conf.y
+++ b/src/conf.y
@@ -196,6 +196,8 @@ con_command:
 	   					LEX_ON_CONNECT_SEND, $3); }
 	   | LEX_NO_CLIENT_AWAY_MSG LEX_EQ LEX_STRING { $$ = tuple_s_new(
 	   					LEX_NO_CLIENT_AWAY_MSG, $3); }
+	   | LEX_SSL_CHECK_MODE LEX_EQ LEX_STRING { $$ = tuple_s_new(
+			LEX_SSL_CHECK_MODE, $3); }
 channel:
        { $$ = list_new(NULL); }
        | channel cha_command LEX_SEMICOLON { list_add_last($1, $2); $$ = $1; }