diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 6b104613d7..ac324fddf6 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -108,6 +108,7 @@
 #define MBEDTLS_X509_BADCRL_BAD_MD           0x020000  /**< The CRL is signed with an unacceptable hash. */
 #define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
 #define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
+#define MBEDTLS_X509_VERIFY_NOT_STARTED      0x100000  /**< No verification has yet been performed (used as a safe initial value). */
 
 /** \} name X509 Verify codes */
 /** \} addtogroup x509_module */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 6b96039597..6ac17af67d 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -209,7 +209,10 @@ mbedtls_x509_crt_profile;
                         "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).")   \
     X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_KEY,                                                    \
                         "MBEDTLS_X509_BADCRL_BAD_KEY",                                                  \
-                        "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")
+                        "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")    \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_VERIFY_NOT_STARTED,                                                \
+                        "MBEDTLS_X509_VERIFY_NOT_STARTED",                                              \
+                        "No verification has yet been performed.")
 
 /**
  * Container for writing a certificate (CRT)