diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8800cc7ec..e030195bb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6059,11 +6059,13 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
 
 if( ssl->f_vrfy != NULL )
 {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) );
 f_vrfy = ssl->f_vrfy;
 p_vrfy = ssl->p_vrfy;
 }
 else
 {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) );
 f_vrfy = ssl->conf->f_vrfy;
 p_vrfy = ssl->conf->p_vrfy;
 }
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d952f33fd..59786afdf 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1008,6 +1008,20 @@ run_test "Unique IV in GCM" \
 -u "IV used" \
 -U "IV used"
 
+# Test for context-specific CRT verification callback
+run_test "Context-specific CRT verification callback" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI context_crt_cb=1 debug_level=3" \
+ 0 \
+ -s "Protocol is TLSv1.2" \
+ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
+ -s "client hello v3, signature_algorithm ext: 6" \
+ -s "ECDHE curve: secp521r1" \
+ -S "error" \
+ -c "Use context-specific verification callback"\
+ -C "Use configuration-specific verification callback"\
+ -C "error"
+
 # Tests for rc4 option
 
 requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
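Review bot: The else-branch message `Use configuration-specific verification callback` is emitted whenever `ssl->f_vrfy` is NULL, and nothing in the hunk checks that `ssl->conf->f_vrfy` is actually set. If the configuration callback can be unset (not visible here), a level-3 log would report a callback in use when only the built-in chain verification runs, which is misleading for anyone debugging certificate validation. I would make the two cases distinguishable, for example by choosing the text with `ssl->conf->f_vrfy != NULL ? "Use configuration-specific verification callback" : "No verification callback set"`. Both strings are also matched verbatim by the new test in tests/ssl-opt.sh, so a short comment such as `/* message text is checked by tests/ssl-opt.sh */` above each call would keep a later rewording from silently breaking that test. The body of ssl_parse_certificate_verify starts and ends outside this hunk.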
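Review bot: Four of the server-side assertions (`-s "Protocol is TLSv1.2"`, the CHACHA20-POLY1305 ciphersuite line, `-s "client hello v3, signature_algorithm ext: 6"` and `-s "ECDHE curve: secp521r1"`) pin negotiation defaults that have nothing to do with callback selection and are not forced by either command line, so the test will fail in any build where those defaults differ or the features are configured out. I would drop them and keep the exit code, `-S "error"`, `-c "Use context-specific verification callback" \`, `-C "Use configuration-specific verification callback" \` and `-C "error"`, adding the space before the trailing backslash that the two new lines lack, to match the neighbouring lines. The else branch touched in library/ssl_tls.c has no counterpart here; a second run_test without the context callback (presumably `context_crt_cb=0`) asserting the inverse `-c`/`-C` pair would cover it. As written, the test only shows which callback was selected, not that a rejecting context-specific callback makes the handshake fail.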