diff --git a/src/gmnlm.c b/src/gmnlm.c

index 2fb9f20c77304bc2d9b2fbf50498ba6ee5f35c53..b5bb3895841528893eade2dc36e0ae39ab18a00c 100644

--- a/src/gmnlm.c

+++ b/src/gmnlm.c

@@ -1343,9 +1343,11 @@ case TOFU_VALID:

assert(0); // Invariant

case TOFU_INVALID_CERT:

snprintf(prompt, sizeof(prompt),

- "The server presented an invalid certificate. If you choose to proceed, "

- "you should not disclose personal information or trust the contents of the page.\n"

- "trust [o]nce; [a]bort\n"

+ "The certificate offered by this server IS INVALID.\n"

+ "/!\\ Someone may be eavesdropping on or manipulating this connection. /!\\\n"

+ "If you choose to proceed, you should not disclose personal information or trust "

+ "the contents of the page.\n"

+ "[a]bort; trust [o]nce\n"

"=> ");

break;

case TOFU_UNTRUSTED_CERT:;

@@ -1366,17 +1368,18 @@ "=> ", host, fingerprint);

free(host);

break;

case TOFU_FINGERPRINT_MISMATCH:

- fprintf(browser->tty,

+ snprintf(prompt, sizeof(prompt),

"The certificate offered by this server DOES NOT MATCH the one we have on file.\n"

"/!\\ Someone may be eavesdropping on or manipulating this connection. /!\\\n"

"The unknown certificate's fingerprint is:\n"

"%s\n\n"

"The expected fingerprint is:\n"

"%s\n\n"

- "If you're certain that this is correct, edit %s:%d\n",

- fingerprint, khost->fingerprint,

- browser->tofu.known_hosts_path, khost->lineno);

- return TOFU_FAIL;

+ "If you choose to proceed, you should not disclose personal information or trust "

+ "the contents of the page.\n"

+ "[a]bort; trust [o]nce; [t]rust anyway\n"

+ "=> ", fingerprint, khost->fingerprint);

+ break;

}

bool prompting = true;