diff --git a/include/ma_common.h b/include/ma_common.h
index f1310128..41ddd31b 100644
--- a/include/ma_common.h
+++ b/include/ma_common.h
@@ -86,7 +86,7 @@ struct st_mysql_options_extension {
 unsigned short rpl_port;
 void (*status_callback)(void *ptr, enum enum_mariadb_status_info type, ...);
 void *status_data;
- my_bool tls_verify_server_cert;
+ my_bool tls_allow_invalid_server_cert;
 };
 typedef struct st_connection_handler
diff --git a/libmariadb/ma_pvio.c b/libmariadb/ma_pvio.c
index 860e8b5b..fb2506f3 100644
--- a/libmariadb/ma_pvio.c
+++ b/libmariadb/ma_pvio.c
@@ -544,7 +544,7 @@ my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio)
 2. verify CN (requires option ssl_verify_check)
 3. verrify finger print */
- if (pvio->mysql->options.extension->tls_verify_server_cert &&
+ if (!pvio->mysql->options.extension->tls_allow_invalid_server_cert &&
 !pvio->mysql->net.tls_self_signed_error &&
 ma_pvio_tls_verify_server_cert(pvio->ctls))
 return 1;
diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
index dd181bc4..dd6587a7 100644
--- a/libmariadb/mariadb_lib.c
+++ b/libmariadb/mariadb_lib.c
@@ -3550,7 +3550,7 @@ mysql_optionsv(MYSQL *mysql,enum mysql_option option, ...)
 mysql->options.use_ssl= (*(my_bool *)arg1);
 break;
 case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
- OPT_SET_EXTENDED_VALUE(&mysql->options, tls_verify_server_cert, *(my_bool *)arg1);
+ OPT_SET_EXTENDED_VALUE(&mysql->options, tls_allow_invalid_server_cert, !*(my_bool *)arg1);
 break;
 case MYSQL_OPT_SSL_KEY:
 OPT_SET_VALUE_STR(&mysql->options, ssl_key, (char *)arg1);
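Review bot: The renamed field inverts the meaning of its zero value and the header says nothing about it: a zeroed `st_mysql_options_extension` now means "verify the server certificate", which is also how `mysql_get_optionv` in this same patch answers when no extension exists (it returns 1), so the rename is what turns verification from opt-in into the default. I would document that on the member itself: `my_bool tls_allow_invalid_server_cert; /* 0 (the zero-initialized default) = verify the server certificate; only an explicit MYSQL_OPT_SSL_VERIFY_SERVER_CERT=0 sets it */`. If this header is visible to out-of-tree code, anything that named `tls_verify_server_cert` directly stops compiling and anything that assumed zero meant "no verification" silently changes behaviour, which belongs in the release notes. The struct definition begins before this hunk.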
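Review bot: The comment directly above the changed condition is now misleading: `2. verify CN (requires option ssl_verify_check)` names an option that appears nowhere in this patch, and after the rename the CN check is skipped only when `tls_allow_invalid_server_cert` is set rather than enabled by a separate option; it also misspells `verrify`. I would replace the two comment lines with `2. verify CN (skipped only when MYSQL_OPT_SSL_VERIFY_SERVER_CERT was explicitly set to 0)` and `3. verify finger print */`. The enclosing function ma_pvio_start_ssl begins before this hunk, so item 1 of the list and the origin of `tls_self_signed_error` are not visible here.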
@@ -3916,7 +3916,7 @@ mysql_get_optionv(MYSQL *mysql, enum mysql_option option, void *arg, ...)
 *((my_bool *)arg)= mysql->options.use_ssl;
 break;
 case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
- *((my_bool*)arg) = mysql->options.extension ? mysql->options.extension->tls_verify_server_cert : 0;
+ *((my_bool*)arg) = mysql->options.extension ? !mysql->options.extension->tls_allow_invalid_server_cert: 1;
 break;
 case MYSQL_OPT_SSL_KEY:
 *((char **)arg)= mysql->options.ssl_key;
diff --git a/libmariadb/secure/gnutls.c b/libmariadb/secure/gnutls.c
index 9e9265fc..34341baf 100644
--- a/libmariadb/secure/gnutls.c
+++ b/libmariadb/secure/gnutls.c
@@ -1357,7 +1357,7 @@ static int my_verify_callback(gnutls_session_t ssl)
 CLEAR_CLIENT_ERROR(mysql);
- if ((mysql->options.extension->tls_verify_server_cert))
+ if (!mysql->options.extension->tls_allow_invalid_server_cert)
 {
 const char *hostname= mysql->host;
@@ -1375,7 +1375,7 @@ static int my_verify_callback(gnutls_session_t ssl)
 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
 {
 /* accept self signed certificates if we don't have to verify server cert */
- if (!mysql->options.extension->tls_verify_server_cert)
+ if (mysql->options.extension->tls_allow_invalid_server_cert)
 return 0;
 /* postpone the error for self signed certificates if CA isn't set */
diff --git a/libmariadb/secure/openssl.c b/libmariadb/secure/openssl.c
index 7309e9e0..0fdb040c 100644
--- a/libmariadb/secure/openssl.c
+++ b/libmariadb/secure/openssl.c
@@ -506,7 +506,7 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
 /* In case handshake failed or if a root certificate (ca) was specified, we need to check the result code of X509 verification. A detailed check of the peer certificate (hostname checking will follow later) */
- if (rc != 1 || mysql->options.extension->tls_verify_server_cert ||
+ if (rc != 1 || !mysql->options.extension->tls_allow_invalid_server_cert ||
 mysql->options.ssl_ca || mysql->options.ssl_capath)
 {
 long x509_err= SSL_get_verify_result(ssl);
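Review bot: The new ternary in the `MYSQL_OPT_SSL_VERIFY_SERVER_CERT` case drops the space before the colon (`tls_allow_invalid_server_cert: 1`) and hard-codes the `1` fallback without saying why it changed from `0`; a reader has to already know that an unallocated extension corresponds to a zeroed `tls_allow_invalid_server_cert`, i.e. verification on. I would write `*((my_bool*)arg) = mysql->options.extension ? !mysql->options.extension->tls_allow_invalid_server_cert : 1; /* no extension yet: verification is on by default */`. That also makes the getter's contract explicit: it reports the effective default, not merely what the caller stored.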
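Review bot: The comment kept above the changed condition (`In case handshake failed or if a root certificate (ca) was specified, we need to check the result code of X509 verification ...`) no longer describes the code: with `tls_allow_invalid_server_cert` zero by default, `SSL_get_verify_result` is now consulted on every connection unless the caller explicitly disabled verification, and the `ssl_ca`/`ssl_capath` operands only matter in that opt-out case. I would reword it as `/* Check the X509 result unless the caller explicitly disabled verification; it is also checked when the handshake failed or a CA was supplied. Hostname checking follows later. */`. The enclosing function ma_tls_connect continues outside the hunk, so how `x509_err` feeds the self-signed fallback is not visible here.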
diff --git a/libmariadb/secure/schannel.c b/libmariadb/secure/schannel.c
index e9231efb..7fa564fb 100644
--- a/libmariadb/secure/schannel.c
+++ b/libmariadb/secure/schannel.c
@@ -451,11 +451,11 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
 goto end;
 verify_certs = mysql->options.ssl_ca || mysql->options.ssl_capath ||
- (mysql->options.extension->tls_verify_server_cert);
+ !mysql->options.extension->tls_allow_invalid_server_cert;
 if (verify_certs)
 {
- if (!ma_schannel_verify_certs(ctls, mysql->options.extension->tls_verify_server_cert))
+ if (!ma_schannel_verify_certs(ctls, !mysql->options.extension->tls_allow_invalid_server_cert))
 goto end;
 }
diff --git a/plugins/auth/my_auth.c b/plugins/auth/my_auth.c
index d93646eb..1195f1cd 100644
--- a/plugins/auth/my_auth.c
+++ b/plugins/auth/my_auth.c
@@ -253,7 +253,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
 if (mysql->options.ssl_key || mysql->options.ssl_cert ||
 mysql->options.ssl_ca || mysql->options.ssl_capath ||
 mysql->options.ssl_cipher || mysql->options.use_ssl ||
- mysql->options.extension->tls_verify_server_cert)
+ !mysql->options.extension->tls_allow_invalid_server_cert)
 mysql->options.use_ssl= 1;
 if (mysql->options.use_ssl)
 mysql->client_flag|= CLIENT_SSL;
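Review bot: The last operand of this condition is now true for every connection on which the application did not explicitly pass `MYSQL_OPT_SSL_VERIFY_SERVER_CERT=0`, so `use_ssl` is forced on and `CLIENT_SSL` is advertised even when no TLS option was ever set; that is the intended secure default, but it is invisible at the call site and deserves a comment such as `/* verification is on by default and implies TLS: only an explicit MYSQL_OPT_SSL_VERIFY_SERVER_CERT=0 leaves use_ssl alone */`. Note also that `mysql->options.extension` is dereferenced unconditionally here while `mysql_get_optionv` in the same patch still guards it against NULL; if `mysql_init` guarantees the extension is allocated the guard in the getter is the redundant one, otherwise this line is a NULL dereference on the default path, so it is worth confirming which holds. The enclosing function send_client_reply_packet starts before and ends after this hunk.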
@@ -273,16 +273,16 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
 mysql->net.pvio->type == PVIO_TYPE_SHAREDMEM))
 {
 mysql->server_capabilities &= ~(CLIENT_SSL);
- mysql->options.extension->tls_verify_server_cert= 0;
+ mysql->options.extension->tls_allow_invalid_server_cert= 1;
 }
 /* if server doesn't support SSL and verification of server certificate was set to mandatory, we need to return an error */
 if (mysql->options.use_ssl && !(mysql->server_capabilities & CLIENT_SSL))
 {
- if (mysql->options.extension->tls_verify_server_cert ||
- (mysql->options.extension && (mysql->options.extension->tls_fp ||
- mysql->options.extension->tls_fp_list)))
+ if (!mysql->options.extension->tls_allow_invalid_server_cert ||
+ mysql->options.extension->tls_fp ||
+ mysql->options.extension->tls_fp_list)
 {
 my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
 ER(CR_SSL_CONNECTION_ERROR),
@@ -783,7 +783,7 @@ retry:
 return 0;
 assert(mysql->options.use_ssl);
- assert(mysql->options.extension->tls_verify_server_cert);
+ assert(!mysql->options.extension->tls_allow_invalid_server_cert);
 assert(!mysql->options.ssl_ca);
 assert(!mysql->options.ssl_capath);
 assert(!mysql->options.extension->tls_fp);
diff --git a/unittest/libmariadb/connection.c b/unittest/libmariadb/connection.c
index fa232cad..761e6394 100644
--- a/unittest/libmariadb/connection.c
+++ b/unittest/libmariadb/connection.c
@@ -686,6 +686,7 @@ int test_connection_timeout2(MYSQL *unused __attribute__((unused)))
 unsigned int timeout= 5;
 time_t start, elapsed;
 MYSQL *mysql;
+ my_bool no= 0;
 SKIP_SKYSQL;
 SKIP_MAXSCALE;
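Review bot: The socket/shared-memory branch writes `tls_allow_invalid_server_cert= 1` into the connection's persistent options rather than into local state, so after one local connection `mysql_get_optionv` reports verification as disabled and, if the same option set is reused for a later TCP connection (for instance under CLIENT_REMEMBER_OPTIONS or a reconnect, which I cannot verify from this hunk), that connection would skip certificate verification although the application never asked for it; the pre-patch code had the same shape, but now that verification is the default the downgrade matters more. I would leave the option untouched and instead use a local flag (or re-test `mysql->server_capabilities & CLIENT_SSL`) in the `use_ssl && !(server_capabilities & CLIENT_SSL)` check below to suppress the error for local transports. The comment `verification of server certificate was set to mandatory` is also stale since mandatory is now the default; `and verification was not explicitly disabled` would be accurate. The enclosing function continues outside the hunk.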
@@ -694,6 +695,7 @@ int test_connection_timeout2(MYSQL *unused __attribute__((unused)))
 mysql= mysql_init(NULL);
 mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (unsigned int *)&timeout);
 mysql_options(mysql, MYSQL_INIT_COMMAND, "set @a:=SLEEP(7)");
+ mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &no);
 start= time(NULL);
 if (my_test_connect(mysql, hostname, username, password, schema, port, socketname, CLIENT_REMEMBER_OPTIONS))
 {