diff --git a/libmariadb b/libmariadb
index dddcf400af9..de6305915f8 160000
--- a/libmariadb
+++ b/libmariadb
@@ -1 +1 @@
-Subproject commit dddcf400af9a693fdbed4e692d71bf98b79b7aa1
+Subproject commit de6305915f86bb33c83b1fe782a2b8a76920aec1
diff --git a/mysql-test/main/openssl_1.test b/mysql-test/main/openssl_1.test
index 24525287ea0..7129311c996 100644
--- a/mysql-test/main/openssl_1.test
+++ b/mysql-test/main/openssl_1.test
@@ -81,7 +81,7 @@ drop table t1;
 #
 --replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
 --error 1
---exec $MYSQL_TEST --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca= --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 --echo #
@@ -90,7 +90,7 @@ drop table t1;
 #
 --replace_regex /2026 TLS\/SSL error.*/2026 TLS\/SSL error: xxxx/
 --error 1
---exec $MYSQL_TEST --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
+--exec $MYSQL_TEST --ssl-verify-server-cert --ssl-ca=nonexisting_file.pem --max-connect-retries=1 < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1
 --echo #
@@ -203,7 +203,7 @@ set global sql_mode=default;
 --replace_regex /TLS\/SSL error:.*/TLS\/SSL error/
 --error 1
---exec $MYSQL_BINLOG --read-from-remote-server --ssl-ca --user=root --host=localhost nobinlog.111111 2>&1
+--exec $MYSQL_BINLOG --read-from-remote-server --ssl-verify-server-cert --ssl-ca --user=root --host=localhost nobinlog.111111 2>&1
 # Wait till we reached the initial number of concurrent sessions
 --source include/wait_until_count_sessions.inc
diff --git a/mysql-test/main/ssl_ca.test b/mysql-test/main/ssl_ca.test
index b66afc22188..a7b97d4a299 100644
--- a/mysql-test/main/ssl_ca.test
+++ b/mysql-test/main/ssl_ca.test
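Review bot: In the three openssl_1.test hunks every unusable-CA case (`--ssl-ca=`, `--ssl-ca=nonexisting_file.pem`, and the bare `--ssl-ca` passed to `$MYSQL_BINLOG`) now runs only with `--ssl-verify-server-cert`, so no visible line pins what the client does with a bad CA file when verification is left at its default. If the flag had to be added because the connection otherwise succeeds (an inference from the change, not something these lines show), that fallback deserves its own case beside each of these, so a later change of the default cannot alter it unnoticed. The comment block above each `--exec` starts outside the hunk; if that is the reason, it should say so, for example `# needs --ssl-verify-server-cert: the CA file is only checked when verification is on`. The ssl_ca.test hunk that follows has the same pattern.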
@@ -9,8 +9,8 @@
 --replace_regex /TLS\/SSL error.*/TLS\/SSL error: xxxx/
 --error 1
---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" 2>&1
+--exec $MYSQL --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/wrong-cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';" 2>&1
 --echo
 --echo # try to connect with correct '--ssl-ca' path : should connect
---exec $MYSQL --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';"
+--exec $MYSQL --ssl-verify-server-cert --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher';"
diff --git a/mysql-test/main/ssl_fp.result b/mysql-test/main/ssl_fp.result
index fe15e5f5a13..25b210a9328 100644
--- a/mysql-test/main/ssl_fp.result
+++ b/mysql-test/main/ssl_fp.result
@@ -8,5 +8,6 @@ ERROR 2026 (HY000): TLS/SSL error: Failed to verify the server certificate
 test.have_ssl()
 yes
 # mysql --protocol tcp -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()"
-ERROR 2026 (HY000): TLS/SSL error: Fingerprint verification of server certificate failed
+test.have_ssl()
+yes
 drop function have_ssl;
diff --git a/mysql-test/main/ssl_fp.test b/mysql-test/main/ssl_fp.test
index 9f3685c4593..813e74abfc8 100644
--- a/mysql-test/main/ssl_fp.test
+++ b/mysql-test/main/ssl_fp.test
@@ -24,10 +24,9 @@ if($is_win)
 --echo # mysql --protocol tcp -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()"
 --exec $MYSQL --protocol tcp $host -uroot --ssl-fp=F1:D0:08:AF:A1:D2:F4:15:79:B4:39:06:41:F4:20:96:F1:90:A9:65 --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
 #
-# wrong fingerprint fails even with --disable-ssl-verify-server-cert
+# --disable-ssl-verify-server-cert disables fingerprint checks too
 #
 --echo # mysql --protocol tcp -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()"
---error 1
 --exec $MYSQL --protocol tcp $host -uroot --ssl-fp=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33 --disable-ssl-verify-server-cert -e "select test.have_ssl()" 2>&1
 drop function have_ssl;
diff --git a/mysql-test/main/ssl_system_ca,bad.result b/mysql-test/main/ssl_system_ca,bad.result
index 1799e9f5e32..4100fab8814 100644
--- a/mysql-test/main/ssl_system_ca,bad.result
+++ b/mysql-test/main/ssl_system_ca,bad.result
@@ -1 +1 @@
-ERROR 2026 (HY000): TLS/SSL error: Validation of SSL server certificate failed
+ERROR 2026 (HY000): TLS/SSL error: Hostname verification failed
diff --git a/mysql-test/suite/unit/disabled.def b/mysql-test/suite/unit/disabled.def
new file mode 100644
index 00000000000..75580dda4ab
--- /dev/null
+++ b/mysql-test/suite/unit/disabled.def
@@ -0,0 +1 @@
+conc_tls : broken
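Review bot: The last case of the ssl_fp.test hunk now records that a wrong `--ssl-fp` value is accepted whenever `--disable-ssl-verify-server-cert` is also given, which turns a fingerprint pin into a silent no-op. The rewritten comment states the behaviour but not that it is intended; I would extend it, e.g. `# intentional: --ssl-fp is only enforced while certificate verification is enabled`, so the expected success is not later read as a test that lost its `--error 1`. The hunk shows a correct fingerprint passing with `--ssl-verify-server-cert` but no wrong fingerprint being rejected with verification on. If the lines before the hunk hold no such case, add one, since that rejection is what a pin is supposed to guarantee.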
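Review bot: In ssl_system_ca,bad.result the expected failure for the bad system CA case changes from `Validation of SSL server certificate failed` to `Hostname verification failed`, while the matching .test file is not part of this diff. If the host name check now fires before or instead of chain validation, this case may pass without the bad CA store ever being rejected. It is worth confirming that the failure still comes from the CA setup, for instance by having the test connect under a host name that matches the server certificate.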
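Review bot: `conc_tls : broken` in the new disabled.def switches off the connector's TLS unit test in the same change that alters certificate and fingerprint verification, and the reason gives no hint of what is broken or when the test returns. State the cause and a tracking reference in the entry, for example `conc_tls : <TRACKING-ID> <what fails and why>` (placeholders), so the gap in TLS coverage does not quietly become permanent.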