diff --git a/src/internal.c b/src/internal.c
index 18732349d..dbdc5dbb4 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -12397,7 +12397,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- if (args->untrustedDepth > ssl->options.verifyDepth) {
+ /* limit compliant with OpenSSL verify Depth + 1 */
+ if (args->untrustedDepth > (ssl->options.verifyDepth + 1)) {
 ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
 ret = MAX_CHAIN_ERROR;
 }
diff --git a/tests/api.c b/tests/api.c
index ad2ad6dc1..d4197d89e 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -4595,8 +4595,8 @@ static void test_wolfSSL_CTX_verifyDepth_ServerClient(void)
 client_args.argc = -1;
 test_client_verifyDepth(&client_args);
 join_thread(serverThread);
- AssertIntEQ(client_args.return_code, TEST_FAIL);
- AssertIntEQ(server_args.return_code, TEST_FAIL);
+ AssertIntEQ(client_args.return_code, TEST_SUCCESS);
+ AssertIntEQ(server_args.return_code, TEST_SUCCESS);
 }
 FreeTcpReady(&ready);
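Review bot: The comment added above the depth check in ProcessPeerCerts does not say what `args->untrustedDepth` counts, so a reader cannot tell whether `verifyDepth + 1` is the OpenSSL-equivalent boundary or one certificate too permissive. The increment of `untrustedDepth` is outside the hunk, so I would spell the rule out at the check, for example `/* OpenSSL's verify depth excludes the peer certificate; untrustedDepth includes it (confirm), so the limit is verifyDepth + 1 */`. Callers that already use the verify depth as a policy limit will accept a chain one certificate longer after this change, which deserves a line in the release notes. ProcessPeerCerts starts and ends outside the hunk.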
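Review bot: After both assertions flip to `TEST_SUCCESS`, this hunk shows no case in test_wolfSSL_CTX_verifyDepth_ServerClient that still expects rejection, so the new boundary is only tested from the accepting side. The function continues outside the hunk and may already cover it. If it does not, add a run whose chain exceeds the configured depth by two and keep `AssertIntEQ(client_args.return_code, TEST_FAIL);` and `AssertIntEQ(server_args.return_code, TEST_FAIL);` for it, so a later change that loosens the comparison further is caught.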