diff --git a/NEWS b/NEWS
index 758c30d3..eb11925c 100644
--- a/NEWS
+++ b/NEWS
@@ -35,6 +35,7 @@ NEWS
   * [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
   * [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
   * [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
+  * [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
 
 - 1.4.39 - 2016-01-02
   * [core] fix memset_s call (fixes #2698)
diff --git a/src/network.c b/src/network.c
index 017d77dd..a6022e81 100644
--- a/src/network.c
+++ b/src/network.c
@@ -151,6 +151,8 @@ static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
 			NULL
 		);
 		SSL_set_verify_depth(ssl, con->conf.ssl_verifyclient_depth);
+	} else {
+		SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
 	}
 
 	return SSL_TLSEXT_ERR_OK;