diff --git a/ChangeLog b/ChangeLog
index 50b3b4450e..fc51140c63 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,8 @@ Changes in version 0.2.1.20 - 2009-??-??
       excluded in ExcludeExitNodes, but the circuit is not used to access
       the outside world. This should help fix bug 1090. Bugfix on
       0.2.1.6-alpha.
+    - Teach connection_ap_can_use_exit to respect the Exclude*Nodes config
+      options. Should fix bug 1090. Bugfix on 0.0.2-pre16.
 
   o Minor features:
     - Add a "getinfo status/accepted-server-descriptor" controller
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index d699591cdc..ba1304a653 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2851,11 +2851,13 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn)
 /** Return 1 if router <b>exit</b> is likely to allow stream <b>conn</b>
  * to exit from it, or 0 if it probably will not allow it.
  * (We might be uncertain if conn's destination address has not yet been
- * resolved.)
+ * resolved.) If the router is in the list of excluded nodes, also return 0;
  */
 int
 connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
 {
+  or_options_t *options = get_options();
+
   tor_assert(conn);
   tor_assert(conn->_base.type == CONN_TYPE_AP);
   tor_assert(conn->socks_request);
@@ -2901,6 +2903,10 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
     if (!conn->chosen_exit_name && policy_is_reject_star(exit->exit_policy))
       return 0;
   }
+  if (options->_ExcludeExitNodesUnion &&
+      routerset_contains_router(options->_ExcludeExitNodesUnion, exit))
+    return 0;
+
   return 1;
 }