diff -r 2008238cdc04 src/pkg/crypto/tls/handshake_client_test.go
--- a/src/pkg/crypto/tls/handshake_client_test.go	Wed Sep 03 14:17:04 2014 +1000
+++ b/src/pkg/crypto/tls/handshake_client_test.go	Wed Sep 03 00:14:03 2014 -0700
@@ -488,3 +488,37 @@
 	}
 	runClientTestTLS12(t, test)
 }
+
+func TestClientVerifyCertificate(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping in short mode")
+	}
+	var called bool
+	clientConfig := Config{
+		VerifyCertificate: func(chains [][]*x509.Certificate) error {
+			called = true
+			return nil
+		},
+	}
+
+	conn, err := Dial("tcp", "mail.google.com:443", &clientConfig)
+	if err != nil {
+		t.Fatal(err)
+	}
+	conn.Close()
+	if !called {
+		t.Error("Expected VerifyCertificate to be called during dial")
+	}
+
+	clientConfig = Config{
+		VerifyCertificate: func(chains [][]*x509.Certificate) error {
+			return fmt.Errorf("got expected error")
+		},
+	}
+	conn, err = Dial("tcp", "mail.google.com:443", &clientConfig)
+	if err != nil && err.Error() == "got expected error" {
+		return
+	}
+	conn.Close()
+	t.Fatal("Expected error from VerifyCertificate to halt connection")
+}