diff --git a/Cargo.lock b/Cargo.lock
index 041364d1..4e9c3163 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -489,9 +489,9 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.23.25"
+version = "0.23.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "822ee9188ac4ec04a2f0531e55d035fb2de73f18b41a63c70c2712503b6fb13c"
+checksum = "730944ca083c1c233a75c09f199e973ca499344a2b7ba9e755c457e86fb4a321"
 dependencies = [
 "aws-lc-rs",
 "log",
@@ -521,9 +521,9 @@ checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c"
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.0"
+version = "0.103.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0aa4eeac2588ffff23e9d7a7e9b3f971c5fb5b7ebc9452745e0c232c64f83b2f"
+checksum = "7149975849f1abb3832b246010ef62ccc80d3a76169517ada7188252b9cfb437"
 dependencies = [
 "aws-lc-rs",
 "ring",
diff --git a/Cargo.toml b/Cargo.toml
index f1c5b05d..f343316d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,4 +14,4 @@ env_logger = "0.11"
 log = "0.4"
 openssl-probe = "0.1"
 openssl-sys = "0.9"
-rustls = "0.23.24"
+rustls = "0.23.27"
diff --git a/src/verifier.rs b/src/verifier.rs
index 36c8cbe8..336078ed 100644
--- a/src/verifier.rs
+++ b/src/verifier.rs
@@ -282,28 +282,18 @@ impl ClientCertVerifier for ClientVerifier {
 }
 
 fn translate_verify_result(result: &Result<(), Error>) -> i32 {
+ use CertificateError::*;
 match result {
 Ok(()) => X509_V_OK,
- Err(Error::InvalidCertificate(CertificateError::UnknownIssuer)) => {
- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- }
- Err(Error::InvalidCertificate(CertificateError::NotValidYet))
- | Err(Error::InvalidCertificate(CertificateError::NotValidYetContext { .. })) => {
- X509_V_ERR_CERT_NOT_YET_VALID
- }
- Err(Error::InvalidCertificate(CertificateError::Expired))
- | Err(Error::InvalidCertificate(CertificateError::ExpiredContext { .. })) => {
- X509_V_ERR_CERT_HAS_EXPIRED
- }
- Err(Error::InvalidCertificate(CertificateError::Revoked)) => X509_V_ERR_CERT_REVOKED,
- Err(Error::InvalidCertificate(CertificateError::InvalidPurpose)) => {
- X509_V_ERR_INVALID_PURPOSE
- }
- Err(Error::InvalidCertificate(CertificateError::NotValidForName))
- | Err(Error::InvalidCertificate(CertificateError::NotValidForNameContext { .. })) => {
- X509_V_ERR_HOSTNAME_MISMATCH
- }
- // TODO: more mappings can go here
+ Err(Error::InvalidCertificate(error)) => match error {
+ UnknownIssuer => X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+ NotValidYet | NotValidYetContext { .. } => X509_V_ERR_CERT_NOT_YET_VALID,
+ Expired | ExpiredContext { .. } => X509_V_ERR_CERT_HAS_EXPIRED,
+ Revoked => X509_V_ERR_CERT_REVOKED,
+ InvalidPurpose | InvalidPurposeContext { .. } => X509_V_ERR_INVALID_PURPOSE,
+ NotValidForName | NotValidForNameContext { .. } => X509_V_ERR_HOSTNAME_MISMATCH,
+ _ => X509_V_ERR_UNSPECIFIED,
+ },
 Err(_) => X509_V_ERR_UNSPECIFIED,
 }
 }
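Review bot: The glob import `use CertificateError::*;` at the top of translate_verify_result turns every bare name in the inner match into a potential catch-all binding. If a later rustls bump renames or removes a variant (this commit itself moves the dependency to 0.23.27), an arm such as `UnknownIssuer => …` would stop being a variant pattern and match every certificate error. As far as this hunk shows, every error path still yields a non-OK code, so the result would be a misreported failure reason rather than an accepted certificate. Callers that branch on the X509_V_* value would still be misled, and the compiler would likely only warn. I would drop the glob and qualify the variants so a rename becomes a hard compile error, and keep a short comment on the `_` arm now that the TODO is gone.

```rust
Err(Error::InvalidCertificate(error)) => match error {
    CertificateError::UnknownIssuer => X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
    CertificateError::NotValidYet | CertificateError::NotValidYetContext { .. } => {
        X509_V_ERR_CERT_NOT_YET_VALID
    }
    CertificateError::Expired | CertificateError::ExpiredContext { .. } => {
        X509_V_ERR_CERT_HAS_EXPIRED
    }
    CertificateError::Revoked => X509_V_ERR_CERT_REVOKED,
    CertificateError::InvalidPurpose | CertificateError::InvalidPurposeContext { .. } => {
        X509_V_ERR_INVALID_PURPOSE
    }
    CertificateError::NotValidForName | CertificateError::NotValidForNameContext { .. } => {
        X509_V_ERR_HOSTNAME_MISMATCH
    }
    // Variants without a specific mapping deliberately fail closed with the generic code.
    _ => X509_V_ERR_UNSPECIFIED,
},
// … unchanged: Err(_) => X509_V_ERR_UNSPECIFIED …
```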