diff --git a/doc/configuration.txt b/doc/configuration.txt
index 5811dc5c5..f2612012a 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -16576,8 +16576,10 @@ jwt_verify(,)
 Performs a signature verification for the JSON Web Token (JWT) given in input by using the algorithm and the parameter, which should either hold a secret or a path to a public certificate. Returns 1 in case of
- verification success. See below for a full list of the possible return
- values.
+ verification success, 0 in case of verification error and a strictly negative
+ value for any other error. Because of all those non-null error return values,
+ the result of this converter should never be converted to a boolean. See
+ below for a full list of the possible return values.
 
 For now, only JWS tokens using the Compact Serialization format can be processed (three dot-separated base64-url encoded strings). Among the
@@ -16604,13 +16606,13 @@ jwt_verify(,)
 +----+----------------------------------------------------------------------+
 | ID | message |
 +----+----------------------------------------------------------------------+
- | 0 | "Verification failure" |
- | 1 | "Verification sucess" |
- | 2 | "Unknown algorithm (not mentioned in RFC7518)" |
- | 3 | "Unmanaged algorithm (PSXXX algorithm family)" |
- | 4 | "Invalid token" |
- | 5 | "Out of memory" |
- | 6 | "Unknown certificate" |
+ | 0 | "Verification failure" |
+ | 1 | "Verification sucess" |
+ | -1 | "Unknown algorithm (not mentioned in RFC7518)" |
+ | -2 | "Unmanaged algorithm (PSXXX algorithm family)" |
+ | -3 | "Invalid token" |
+ | -4 | "Out of memory" |
+ | -5 | "Unknown certificate" |
 +----+----------------------------------------------------------------------+
 
 Please note that this converter is only available when HAProxy has been
diff --git a/include/haproxy/jwt-t.h b/include/haproxy/jwt-t.h
index a781b0af0..e94607eea 100644
--- a/include/haproxy/jwt-t.h
+++ b/include/haproxy/jwt-t.h
@@ -72,11 +72,12 @@ struct jwt_cert_tree_entry {
 enum jwt_vrfy_status {
 	JWT_VRFY_KO = 0,
 	JWT_VRFY_OK = 1,
-	JWT_VRFY_UNKNOWN_ALG,
-	JWT_VRFY_UNMANAGED_ALG,
-	JWT_VRFY_INVALID_TOKEN,
-	JWT_VRFY_OUT_OF_MEMORY,
-	JWT_VRFY_UNKNOWN_CERT
+
+	JWT_VRFY_UNKNOWN_ALG = -1,
+	JWT_VRFY_UNMANAGED_ALG = -2,
+	JWT_VRFY_INVALID_TOKEN = -3,
+	JWT_VRFY_OUT_OF_MEMORY = -4,
+	JWT_VRFY_UNKNOWN_CERT = -5
 };
 
 #endif /* USE_OPENSSL */
diff --git a/reg-tests/jwt/jws_verify.vtc b/reg-tests/jwt/jws_verify.vtc
index 47d5303a4..129e1b38f 100644
--- a/reg-tests/jwt/jws_verify.vtc
+++ b/reg-tests/jwt/jws_verify.vtc
@@ -152,7 +152,7 @@ client c4 -connect ${h1_mainfe_sock} {
 rxresp
 expect resp.status == 200
 expect resp.http.x-jwt-alg == "HS512"
- expect resp.http.x-jwt-verify-HS512 == "4"
+ expect resp.http.x-jwt-verify-HS512 == "-3"
 } -run
 
 
@@ -269,7 +269,7 @@ client c13 -connect ${h1_mainfe_sock} {
 expect resp.status == 200
 expect resp.http.x-jwt-alg == "PS512"
 # Unmanaged algorithm
- expect resp.http.x-jwt-verify == "3"
+ expect resp.http.x-jwt-verify == "-2"
 } -run
 
 # Unknown algorithm
@@ -281,7 +281,7 @@ client c14 -connect ${h1_mainfe_sock} {
 expect resp.status == 200
 expect resp.http.x-jwt-alg == "UNKNOWN_ALG"
 # Unmanaged algorithm
- expect resp.http.x-jwt-verify == "2"
+ expect resp.http.x-jwt-verify == "-1"
 } -run
 
 # Invalid token (not enough fields)
@@ -293,7 +293,7 @@ client c15 -connect ${h1_mainfe_sock} {
 expect resp.status == 200
 expect resp.http.x-jwt-alg == "ES512"
 # Unmanaged algorithm
- expect resp.http.x-jwt-verify == "4"
+ expect resp.http.x-jwt-verify == "-3"
 } -run
 
 # Invalid token (too many fields)
@@ -305,7 +305,7 @@ client c16 -connect ${h1_mainfe_sock} {
 expect resp.status == 200
 expect resp.http.x-jwt-alg == "ES512"
 # Unmanaged algorithm
- expect resp.http.x-jwt-verify == "4"
+ expect resp.http.x-jwt-verify == "-3"
 } -run
 
 # Invalid token (empty signature)
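Review bot: The enum in jwt-t.h now carries a sign convention (1 = signature verified, 0 = signature mismatch, negative = the token could not be checked at all) that nothing in the header states, so a status appended later without an explicit initializer would silently become -4 and collide with JWT_VRFY_OUT_OF_MEMORY. Add a comment above the first negative member, e.g. `/* <0: the token could not be verified at all; every error is non-zero, so never use the result as a boolean. Give each new status an explicit negative value. */`. Because every error stays non-zero, an ACL that treats the converter result as a boolean still accepts a token whose key was not found or whose algorithm is unknown; the sign change only helps configurations that compare with `-m int eq 1`, and the header is where maintainers will look for that rule. Any code outside this diff that compared against the old positive codes (for instance with `>= JWT_VRFY_UNKNOWN_ALG` or stored the status in an unsigned) is not visible here and should be audited for the sign flip.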
@@ -317,7 +317,7 @@ client c17 -connect ${h1_mainfe_sock} {
 expect resp.status == 200
 expect resp.http.x-jwt-alg == "ES512"
 # Unmanaged algorithm
- expect resp.http.x-jwt-verify == "4"
+ expect resp.http.x-jwt-verify == "-3"
 } -run
 
 # Unknown certificate
@@ -332,5 +332,5 @@ client c18 -connect ${h1_mainfe_sock} {
 expect resp.status == 200
 expect resp.http.x-jwt-alg == "ES512"
 # Unmanaged algorithm
- expect resp.http.x-jwt-verify == "6"
+ expect resp.http.x-jwt-verify == "-5"
 } -run
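Review bot: The `# Unmanaged algorithm` comment directly above the changed expectation in the @@ -332 hunk describes the PS512 case, not the "Unknown certificate" status that the new `-5` stands for, and the @@ -317 hunk carries the same stale comment over an invalid-token `-3`; since these lines are being touched anyway, replace them with `# Unknown certificate` and `# Invalid token (empty signature)` respectively so each expected code can be checked against the table in doc/configuration.txt. The expectations pin raw numbers taken from enum jwt_vrfy_status in include/haproxy/jwt-t.h, so any future renumbering has to revisit every client block; a one-line comment near the first such check pointing at that enum would make the coupling visible to whoever edits the test next.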