After upgrading to Emacs 25, I get gnutls-negotiate: Certificate validation failed for [hostname] verification code 402 on connecting to my weechat IRC proxy, with no prompt about accepting things anyway. I already have
(add-to-list 'gnutls-trustfiles "~/.emacs.d/weechat-relay.cert")
where weechat-relay.cert is the CERTIFICATE part of the weechat IRC proxy ssl key.
I tried gnutls-cli hostname -p 9001 to check if there actually was a problem with the cert (and not just my Emacs 25) and it turns out the certificate was expired. So it seems Emacs 24 didn't care about expiry (nor did the weechat android app). Redoing http://www.weechat.org/files/doc/stable/weechat_user.en.html#relay_ssl (and updating my ~/.emacs.d/weechat-relay.cert) solved it.
It would of course be nice if Emacs could say it was expired instead of just "402" (which gnutls docs say is the rather unhelpful GNUTLS_E_LIB_IN_ERROR_STATE).