diff --git a/ChangeLog b/ChangeLog
index 90c6e6bcf..f008cdc5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,7 +25,12 @@ Bugfix
      to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
      KNOX Security, Samsung Research America
 
-= mbed TLS 1.3.20 branch released 2017-06-21
+Changes
+   * Certificate verification functions now set flags to -1 in case the full
+     chain was not verified due to an internal error (including in the verify
+     callback) or chain length limitations.
+
+= mbed TLS 1.3.20 released 2017-06-21
 
 Security
    * Fixed unlimited overread of heap-based buffer in ssl_read().
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 2b3eef757..70ad356a9 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2147,7 +2147,7 @@ int x509_crt_verify( x509_crt *crt,
         ret = x509_crt_verify_top( crt, parent, ca_crl,
                                    pathlen, selfsigned, flags, f_vrfy, p_vrfy );
         if( ret != 0 )
-            return( ret );
+            goto exit;
     }
     else
     {
@@ -2162,17 +2162,24 @@ int x509_crt_verify( x509_crt *crt,
             ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl,
                                          pathlen, selfsigned, flags, f_vrfy, p_vrfy );
             if( ret != 0 )
-                return( ret );
+                goto exit;
         }
         else
         {
             ret = x509_crt_verify_top( crt, trust_ca, ca_crl,
                                        pathlen, selfsigned, flags, f_vrfy, p_vrfy );
             if( ret != 0 )
-                return( ret );
+                goto exit;
         }
     }
 
+exit:
+    if( ret != 0 )
+    {
+        *flags = (uint32_t) -1;
+        return( ret );
+    }
+
     if( *flags != 0 )
         return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
 
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index a1a861e86..f68e966e2 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1182,7 +1182,7 @@ x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":POLARSSL_
 
 X509 CRT verify long chain (max intermediate CA + 1)
 depends_on:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
-x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":POLARSSL_X509_MAX_INTERMEDIATE_CA+1:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0
+x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":POLARSSL_X509_MAX_INTERMEDIATE_CA+1:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:-1
 
 X509 CRT verify chain #1 (zero pathlen intermediate)
 depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index b84cf64d5..82e459603 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -497,7 +497,7 @@ void x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
 {
     char file_buf[128];
     int ret;
-    uint32_t flags;
+    int flags;
     x509_crt trusted, chain;
 
     /*
@@ -522,7 +522,7 @@ void x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
     ret = x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
                                    NULL, NULL );
     TEST_ASSERT( ret == ret_chk );
-    TEST_ASSERT( flags == (uint32_t) flags_chk );
+    TEST_ASSERT( flags == flags_chk );
 
 exit:
     x509_crt_free( &chain );