diff --git a/keystoneclient/session.py b/keystoneclient/session.py
index 4398e76a9..7068fcde6 100644
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -55,7 +55,8 @@ class Session(object):
         :param verify: The verification arguments to pass to requests. These
                        are of the same form as requests expects, so True or
                        False to verify (or not) against system certificates or
-                       a path to a bundle or CA certs to check against.
+                       a path to a bundle or CA certs to check against or None
+                       for requests to attempt to locate and use certificates.
                        (optional, defaults to True)
         :param cert: A client certificate to pass to requests. These are of the
                      same form as requests expects. Either a single filename
@@ -171,6 +172,11 @@ class Session(object):
 
         string_parts = ['curl -i']
 
+        # NOTE(jamielennox): None means let requests do its default validation
+        # so we need to actually check that this is False.
+        if self.verify is False:
+            string_parts.append('--insecure')
+
         if method:
             string_parts.extend(['-X', method])
 
diff --git a/keystoneclient/tests/test_session.py b/keystoneclient/tests/test_session.py
index 4eb4c9657..8b5c47f3e 100644
--- a/keystoneclient/tests/test_session.py
+++ b/keystoneclient/tests/test_session.py
@@ -16,6 +16,7 @@
 import httpretty
 import mock
 import requests
+import six
 
 from keystoneclient.auth import base
 from keystoneclient import exceptions
@@ -141,6 +142,23 @@ class SessionTests(utils.TestCase):
         self.assertRaises(exceptions.InternalServerError,
                           session.get, self.TEST_URL)
 
+    @httpretty.activate
+    def test_session_debug_output(self):
+        session = client_session.Session(verify=False)
+        headers = {'HEADERA': 'HEADERVALB'}
+        body = 'BODYRESPONSE'
+        self.stub_url(httpretty.POST, body=body)
+        session.post(self.TEST_URL, headers=headers)
+
+        self.assertIn('curl', self.logger.output)
+        self.assertIn('POST', self.logger.output)
+        self.assertIn('--insecure', self.logger.output)
+        self.assertIn(body, self.logger.output)
+
+        for k, v in six.iteritems(headers):
+            self.assertIn(k, self.logger.output)
+            self.assertIn(v, self.logger.output)
+
 
 class RedirectTests(utils.TestCase):
 
diff --git a/keystoneclient/tests/utils.py b/keystoneclient/tests/utils.py
index 173acfa0e..470e66430 100644
--- a/keystoneclient/tests/utils.py
+++ b/keystoneclient/tests/utils.py
@@ -12,9 +12,11 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import logging
 import sys
 import time
 
+import fixtures
 import httpretty
 import mock
 from mox3 import mox
@@ -40,6 +42,7 @@ class TestCase(testtools.TestCase):
     def setUp(self):
         super(TestCase, self).setUp()
         self.mox = mox.Mox()
+        self.logger = self.useFixture(fixtures.FakeLogger(level=logging.DEBUG))
         self.time_patcher = mock.patch.object(time, 'time', lambda: 1234)
         self.time_patcher.start()