diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6096f4608..7b8570c74 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -621,8 +621,8 @@ static int ssl_sock_load_ocsp_response(struct chunk *ocsp_response, struct certi
 	id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
 
 	rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
-	if (rc != V_OCSP_CERTSTATUS_GOOD) {
-		memprintf(err, "OCSP single response: certificate status not good");
+	if (rc == V_OCSP_CERTSTATUS_UNKNOWN) {
+		memprintf(err, "OCSP single response: certificate status is unknown");
 		goto out;
 	}