diff --git a/AUTHORS b/AUTHORS
index fa202af31..dc7bba0df 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -101,6 +101,7 @@ The following submitted code, packages or analysis, and deserve special thanks:
   Marton Suranyi
   Nicolas Appriou
   Jochen Sprickerhof
+  Alexander Sulfrian
 
 Thanks to the following, who submitted detailed bug reports and excellent
 suggestions:
diff --git a/ChangeLog b/ChangeLog
index cf0272023..8f9f1c50d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -45,6 +45,8 @@ Bugs
 - #1473 Make TASK_RCDIR customizable (thanks to Elias Probst).
 - #1486 Truncated sentence in task-sync(5) manpage (thanks to Jakub Wilk).
 - #1487 `tasksh` segmentation fault (thanks to Hector Arciga).
+- Added certificate verification to GnuTLS versions < 2.9.10 (thanks to Alexander
+  Sulfrian)
 - Removed debugging code.
 
 ------ current release ---------------------------
diff --git a/src/TLSClient.cpp b/src/TLSClient.cpp
index fbf542557..0bf6b5a08 100644
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -183,6 +183,10 @@ void TLSClient::init (
     throw std::string ("Missing CERT file.");
 
 #if GNUTLS_VERSION_NUMBER >= 0x02090a
+  // The automatic verification for the server certificate with
+  // gnutls_certificate_set_verify_function only works with gnutls
+  // >=2.9.10. So with older versions we should call the verify function
+  // manually after the gnutls handshake.
   gnutls_certificate_set_verify_function (_credentials, verify_certificate_callback);
 #endif
   gnutls_init (&_session, GNUTLS_CLIENT);
@@ -267,6 +271,16 @@ void TLSClient::connect (const std::string& host, const std::string& port)
   if (ret < 0)
     throw format (STRING_CMD_SYNC_HANDSHAKE, gnutls_strerror (ret));
 
+#if GNUTLS_VERSION_NUMBER < 0x02090a
+  // The automatic verification for the server certificate with
+  // gnutls_certificate_set_verify_function does only work with gnutls
+  // >=2.9.10. So with older versions we should call the verify function
+  // manually after the gnutls handshake.
+  ret = verify_certificate_callback(_session);
+  if (ret < 0)
+    throw std::string (STRING_TLS_INIT_FAIL);
+#endif
+
   if (_debug)
   {
 #if GNUTLS_VERSION_NUMBER >= 0x03010a
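Review bot: The manual fallback treats only a negative return as a verification failure (`if (ret < 0)` after `ret = verify_certificate_callback(_session);`), but the GnuTLS verify-callback contract is "zero means verified, any non-zero value aborts", so if the callback ever signals failure with a positive status the old-GnuTLS path would silently accept an unverified server; the guard should be `if (ret != 0)`. Throwing `STRING_TLS_INIT_FAIL` here also mislabels a certificate-verification failure as an initialisation error and drops the reason, whereas the handshake branch just above reports `gnutls_strerror (ret)` — the same pattern would serve the user better. Because on this path verification runs only after `gnutls_handshake` has completed, the comment should state that no application data may be sent before this check passes, e.g. `// Handshake is done but the peer is still unverified here: nothing may be sent on _session until this check succeeds.` The definition of verify_certificate_callback and the remainder of connect() are outside the hunk, so its actual return convention should be confirmed there.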