diff --git a/src/net/http.rs b/src/net/http.rs
index 8a712a6..9152adc 100644
--- a/src/net/http.rs
+++ b/src/net/http.rs
@@ -148,7 +148,7 @@ impl HttpClient for NgxHttpClient<'_> {
 .connect_to(authority.as_str(), &self.resolver, ssl)
 .await?;
 
- if self.ssl_verify {
+ if ssl.is_some() && self.ssl_verify {
 if let Err(err) = peer.verify_peer() {
 let _ = future::poll_fn(|cx| peer.as_mut().poll_shutdown(cx)).await;
 return Err(err.into());
diff --git a/src/net/peer_conn.rs b/src/net/peer_conn.rs
index 8e9b427..f1be72b 100644
--- a/src/net/peer_conn.rs
+++ b/src/net/peer_conn.rs
@@ -219,6 +219,13 @@ impl PeerConnection {
 pub fn verify_peer(&mut self) -> Result<(), io::Error> {
 let c = self.connection_mut().ok_or(io::ErrorKind::NotConnected)?;
 
+ if c.ssl.is_null() {
+ return Err(io::Error::new(
+ io::ErrorKind::InvalidInput,
+ "cannot verify peer on a non-SSL connection",
+ ));
+ }
+
 let rc = unsafe { SSL_get_verify_result((*c.ssl).connection.cast()) };
 if rc != (X509_V_OK as c_long) {
 let err = unsafe { CStr::from_ptr(X509_verify_cert_error_string(rc)) };
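Review bot: With the new condition `ssl.is_some() && self.ssl_verify`, a client that has `ssl_verify` enabled now proceeds with no peer check and no signal whenever `ssl` is `None`. How `ssl` is derived is outside the hunk, so it is worth confirming that `None` is reachable only for an explicit plain-HTTP target and never as the result of a missing or failed TLS configuration. I would state the intent on the condition, e.g. `// plain-HTTP connections have no TLS session; ssl_verify applies only when ssl is Some`. The enclosing method starts and ends outside the hunk.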
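Review bot: The `unsafe` dereference `(*c.ssl).connection` that follows the new null check carries no `// SAFETY:` comment, although the check is exactly the invariant that makes it sound. I would add `// SAFETY: c.ssl was checked for null above` on that line, and note there whether the `connection` field is also guaranteed to be set at this point, which the hunk does not show. Separately, `SSL_get_verify_result` returns `X509_V_OK` when the peer presented no certificate at all, so the rest of `verify_peer` should also confirm that a peer certificate exists. The function continues outside the hunk, so this may already be handled.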