diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 22b5d07e..ae864f50 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -155,13 +155,13 @@ LogOpenSSL_CertInfo(int level, X509 * cert, const char *msg)
 	mem = BIO_new(BIO_s_mem());
 	if (!mem)
 		return;
-	X509_NAME_print_ex(mem, X509_get_subject_name(cert), 4,
+	X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0,
 			   XN_FLAG_ONELINE);
-	X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 4, XN_FLAG_ONELINE);
+	X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 2, XN_FLAG_ONELINE);
 	if (BIO_write(mem, "", 1) == 1) {
 		len = BIO_get_mem_data(mem, &memptr);
 		if (memptr && len > 0)
-			Log(level, "%s: \"%s\"", msg, memptr);
+			Log(level, "%s: \"%s\".", msg, memptr);
 	}
 	(void)BIO_set_close(mem, BIO_CLOSE);
 	BIO_free(mem);
@@ -832,9 +832,12 @@ ConnSSL_HandleError(CONNECTION * c, const int code, const char *fname)
 				    "SSL error, client disconnected [in %s()]!",
 				    fname);
 				break;
-			case -1:	/* low level socket I/O error, check errno */
-				Log(LOG_ERR, "SSL error: %s [in %s()]!",
-				    strerror(real_errno), fname);
+			case -1:
+				/* Low level socket I/O error, check errno. But
+				 * we don't need to log this here, the generic
+				 * connection layer will take care of it. */
+				LogDebug("SSL error: %s [in %s()]!",
+					 strerror(real_errno), fname);
 			}
 		}
 		break;
diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c
index fab483e1..10042943 100644
--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@@ -2591,28 +2591,25 @@ cb_connserver_login_ssl(int sock, short unused)
 
 	serveridx = Conf_GetServer(idx);
 	assert(serveridx >= 0);
-	if (serveridx < 0)
-		goto err;
-
-	Log( LOG_INFO, "SSL connection %d with \"%s:%d\" established.", idx,
-	    My_Connections[idx].host, Conf_Server[Conf_GetServer( idx )].port );
 
+	/* The SSL handshake is done, but validation results were ignored so
+	 * far, so let's see where we are: */
+	LogDebug("SSL handshake on socket %d done.", idx);
 	if (!Conn_OPTION_ISSET(&My_Connections[idx], CONN_SSL_PEERCERT_OK)) {
 		if (Conf_Server[serveridx].SSLVerify) {
 			Log(LOG_ERR,
-				"SSLVerify enabled for %d, but peer certificate check failed",
-				idx);
-			goto err;
+				"Peer certificate check failed for \"%s\" on connection %d!",
+				My_Connections[idx].host, idx);
+			Conn_Close(idx, "Valid certificate required",
+				   NULL, false);
+			return;
 		}
 		Log(LOG_WARNING,
-			"Peer certificate check failed for %d, but SSLVerify is disabled, continuing",
-			idx);
+			"Peer certificate check failed for \"%s\" on connection %d, but \"SSLVerify\" is disabled. Continuing ...",
+			My_Connections[idx].host, idx);
 	}
+	LogDebug("Server certificate accepted, continuing server login ...");
 	server_login(idx);
-	return;
-      err:
-	Log(LOG_ERR, "SSL connection on socket %d failed!", sock);
-	Conn_Close(idx, "Can't connect!", NULL, false);
 }