diff --git a/VERSION.txt b/VERSION.txt
index 52e191839de..dd632e40ce3 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -20,6 +20,7 @@ jetty-7.4.1.v20110513
 + 345047 Readded deprecated ScanningAppDeployer#setMonitoredDir
 + 345290 Weak references from SessionIdManager. HashSessionManager cleanup.
 + 345543 Always close endpoint on SSLException
+ + 345656 Disambiguate SslContextFactory#validateCerts property
 + 345679 Allow setting an initialized KeyStore as keystore/truststore of SslContextFactory
 + 345704 jetty-nested works with forwarded SSL in cloudfoundry
 + JETTY-954 WebAppContext eats any start exceptions instead of stopping the server load
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
index c9036ba445d..8b139851601 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
@@ -137,6 +137,8 @@ public class SslContextFactory extends AbstractLifeCycle
 /** Set to true if SSL certificate validation is required */
 private boolean _validateCerts;
+ /** Set to true if SSL certificate of the peer validation is required */
+ private boolean _validatePeerCerts;
 /** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */
 private int _maxCertPathLength = -1;
 /** Path to file that contains Certificate Revocation List */
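Review bot: The comment added on `_validatePeerCerts` is worded almost the same as the one on `_validateCerts` directly above it, so the declarations do not tell a reader which certificates each flag covers. The only use visible in this commit is the hunk at line 951, where the new flag gates the PKIX revocation-checking parameters built from the trust store. A comment along the lines of `/** Set to true to validate the peer's certificates (enables PKIX revocation checking on the trust managers) */` would say that. The `@return`/`@param` Javadoc on `isValidatePeerCerts()` and `setValidatePeerCerts()` in the next hunk has the same gap, and the class body continues outside this hunk.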
@@ -541,6 +543,27 @@ public class SslContextFactory extends AbstractLifeCycle
 _validateCerts = validateCerts;
 }
+ /* ------------------------------------------------------------ */
+ /**
+ * @return true if SSL certificates of the peer have to be validated
+ */
+ public boolean isValidatePeerCerts()
+ {
+ return _validatePeerCerts;
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @param validatePeerCerts
+ * true if SSL certificates of the peer have to be validated
+ */
+ public void setValidatePeerCerts(boolean validatePeerCerts)
+ {
+ checkStarted();
+
+ _validatePeerCerts = validatePeerCerts;
+ }
+
 /* ------------------------------------------------------------ */
 /**
 * @return True if SSL re-negotiation is allowed (default false)
@@ -928,7 +951,7 @@ public class SslContextFactory extends AbstractLifeCycle
 if (trustStore != null)
 {
 // Revocation checking is only supported for PKIX algorithm
- if (_validateCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
+ if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
 {
 PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector());
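Review bot: `_validatePeerCerts` is declared without an initializer, so it defaults to false, and the hunk at line 951 moves the PKIX revocation branch from `_validateCerts` to it. As far as these hunks show, a deployment that only calls `setValidateCerts(true)` would stop getting the revocation-checking `PKIXBuilderParameters` for its trust store after upgrading, with no error or log line. The Javadoc on `setValidatePeerCerts` should state the default and the split, e.g. `Defaults to false; since 345656 peer revocation checking (PKIX only) is controlled by this property, not by validateCerts`. It is also worth confirming that any shipped configuration which relied on `validateCerts` for peer checks sets the new property. The method containing the revocation branch starts and ends outside the hunk.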