diff --git a/src/lib/tls/conf.c b/src/lib/tls/conf.c
index d9f5366b61d42..5b20b6e825632 100644
--- a/src/lib/tls/conf.c
+++ b/src/lib/tls/conf.c
@@ -249,10 +249,7 @@ static int tls_virtual_server_cf_parse(TALLOC_CTX *ctx, void *out, void *parent,
 
 	if (virtual_server_cf_parse(ctx, out, parent, ci, rule) < 0) return -1;
 
-	if (!conf->virtual_server) {
-		conf->verify_certificate = false;
-		return 0;
-	}
+	if (!conf->virtual_server) return 0;
 
 	conf->verify_certificate = cf_section_find(conf->virtual_server, "verify", "certificate") ? true : false;
 	return 0;
diff --git a/src/lib/tls/verify.c b/src/lib/tls/verify.c
index fc064f3f3cc18..5cb32159b53a6 100644
--- a/src/lib/tls/verify.c
+++ b/src/lib/tls/verify.c
@@ -274,7 +274,7 @@ int fr_tls_verify_cert_cb(int ok, X509_STORE_CTX *x509_ctx)
 	 *	have been added by this point.
 	 */
 	if (my_ok && (depth == 0)) {
-		if (conf->virtual_server && tls_session->verify_client_cert) {
+		if (conf->verify_certificate && tls_session->verify_client_cert) {
 			RDEBUG2("Requesting certificate validation");
 
 			/*