diff --git a/crypto/x509/verify_extra_test.c b/crypto/x509/verify_extra_test.c
index 08509f013..a1e41f282 100644
--- a/crypto/x509/verify_extra_test.c
+++ b/crypto/x509/verify_extra_test.c
@@ -168,7 +168,8 @@ static int test_alt_chains_cert_forgery(void)
 
     i = X509_verify_cert(sctx);
 
-    if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
+    if(i == 0 && X509_STORE_CTX_get_error(sctx)
+                 == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) {
         /* This is the result we were expecting: Test passed */
         ret = 1;
     }
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2e4c54b81..7009ae630 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -312,7 +312,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
          * if the user hasn't switched off alternate chain checking
          */
         retry = 0;
-        if (j == ctx->last_untrusted &&
+        if (num == ctx->last_untrusted &&
             !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
             while (j-- > 1) {
                 xtmp2 = sk_X509_value(ctx->chain, j - 1);