Comment 2 for bug 933729

Approved to show a dialog. However, please differ between self-signed/low trust certificates and mismatches. In the former case, a mild warning dialog is sufficient, but if SSL certificate validation fails because of a mismatch (e. g. server name changed) you should outright abort the operation and show an error; that's the very situation SSL is supposed to protect from, so asking the user to "do it anyway?" sounds dangerous. Unless I misunderstood what you meant with "mismatch"?