diff --git a/client/client.go b/client/client.go
index 7f49ba6..f6601aa 100644
--- a/client/client.go
+++ b/client/client.go
@@ -41,6 +41,20 @@ func (bismuth BismuthClient) decryptMessage(aead cipher.AEAD, encMsg []byte) ([]
 	return decryptedData, nil
 }
 
+// Checks to see if a certificate is trusted in the client cache.
+//
+//   - `host`: The host of the server.
+//   - `certificateFingerprint`: A fingerprint of the servers key.
+//   - `isSelfSigned`: If true, the certificate is either actually self-signed, or
+//     verification is dsabled (CheckIfCertificatesAreSigned in BismuthClient is false)
+//   - `isTrustworthy`: If true, the certificate is signed by 51% of peers.
+type CertCheckCallback func(host, certificateFingerprint string, isSelfSigned, isTrustworthy bool) bool
+
+// Connects to a server using a provided method, with host being the host:
+//
+// OwnConnMethodCallback("google.com:80")
+type OwnConnMethodCallback func(address string) (net.Conn, error)
+
 // Bismuth Client
 type BismuthClient struct {
 	// GOpenPGP public key
@@ -48,9 +62,48 @@ type BismuthClient struct {
 	// GOpenPGP private key
 	PrivateKey *crypto.Key
 
+	// Check if the certificates are signed if enabled.
+	//
+	// If true, "cross-verifies" the server to make sure the certificates are signed.
+	//
+	// If false, all certificates will be reported as being self signed because we can't
+	// really prove otherwise.
+	CheckIfCertificatesAreSigned bool
+	// Checks to see if a certificate is trusted in the client cache.
+	// See CertCheckCallback for more typing information.
+	CertificateSignChecker CertCheckCallback
+
+	// Connects to a server (used for CheckIfCertificatesAreSigned if enabled/set to true).
+	ConnectToServer OwnConnMethodCallback
+
+	// GopenPGP instance
 	pgp *crypto.PGPHandle
 }
 
+// Initializes the client. Should be done automatically if you call New()
+//
+// If you don't call client.New(), you *MUST* call this function before running bismuth.Conn().
+func (bismuth *BismuthClient) InitializeClient() error {
+	if bismuth.pgp == nil {
+		bismuth.pgp = crypto.PGP()
+	}
+
+	if bismuth.CertificateSignChecker == nil {
+		bismuth.CertificateSignChecker = func(host, certificateFingerprint string, isSelfSigned, isTrustworthy bool) bool {
+			fmt.Println("WARNING: Using stub CertificateSignChecker. Returing true and ignoring arguments")
+			return true
+		}
+	}
+
+	if bismuth.ConnectToServer == nil {
+		bismuth.ConnectToServer = func(address string) (net.Conn, error) {
+			return net.Dial("tcp", address)
+		}
+	}
+
+	return nil
+}
+
 // Connects to a Bismuth server. This wraps an existing net.Conn interface.
 // The returned net.Conn is the server, but over bismuth.
 func (bismuth BismuthClient) Conn(conn net.Conn) (net.Conn, error) {
@@ -204,12 +257,15 @@ func New(pubKey string, privKey string) (*BismuthClient, error) {
 		return nil, err
 	}
 
-	pgp := crypto.PGP()
-
 	bismuth := BismuthClient{
 		PublicKey:  publicKey,
 		PrivateKey: privateKey,
-		pgp:        pgp,
+	}
+
+	err = bismuth.InitializeClient()
+
+	if err != nil {
+		return nil, err
 	}
 
 	return &bismuth, nil