--- a/src/lib-ssl-iostream/iostream-openssl-context.c	Fri Apr 07 15:47:27 2017 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c	Fri Apr 07 16:13:13 2017 +0300
@@ -310,7 +310,7 @@
 		have_ca = TRUE;
 	}
 
-	if (!have_ca) {
+	if (!have_ca && set->require_valid_cert) {
 		*error_r = !ctx->client_ctx ?
 			"Can't verify remote client certs without CA (ssl_ca setting)" :
 			"Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)";