diff --git a/ChangeLog b/ChangeLog
index bf31b70c8..ea2dd730f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 1.3.16 released 2015-11-xx
+
+Bugfix
+   * Fix bug in certificate validation that caused valid chains to be rejected
+     when the first intermediate certificate has pathLenConstraint=0. Found by
+     Nicholas Wilson. Introduced in mbed TLS 1.3.15. #280
+
 = mbed TLS 1.3.15 released 2015-11-04
 
 Security
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 92a9b17d0..5a15c74fd 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2092,18 +2092,8 @@ int x509_crt_verify( x509_crt *crt,
     {
         /* Look for a parent upwards the chain */
         for( parent = crt->next; parent != NULL; parent = parent->next )
-        {
-            /* +2 because the current step is not yet accounted for
-             * and because max_pathlen is one higher than it should be */
-            if( parent->max_pathlen > 0 &&
-                parent->max_pathlen < 2 + pathlen )
-            {
-                continue;
-            }
-
             if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
                 break;
-        }
 
         /* Are we part of the chain or at the top? */
         if( parent != NULL )