diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index b03e38b831..e0dd7cd024 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -535,8 +535,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
         goto cleanup;
     if ((rv = virConfGetValueBool(conf, "vnc_tls_x509_verify", &cfg->vncTLSx509verify)) < 0)
         goto cleanup;
-    if (rv == 0)
-        cfg->vncTLSx509verify = cfg->defaultTLSx509verify;
+    if (rv == 1)
+        cfg->vncTLSx509verifyPresent = true;
     if (virConfGetValueString(conf, "vnc_tls_x509_cert_dir", &cfg->vncTLSx509certdir) < 0)
         goto cleanup;
     if (virConfGetValueString(conf, "vnc_listen", &cfg->vncListen) < 0)
@@ -601,8 +601,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
         if ((rv = virConfGetValueBool(conf, #val "_tls_x509_verify", \
                                       &cfg->val## TLSx509verify)) < 0) \
             goto cleanup; \
-        if (rv == 0) \
-            cfg->val## TLSx509verify = cfg->defaultTLSx509verify; \
+        if (rv == 1) \
+            cfg->val## TLSx509verifyPresent = true; \
         if ((rv = virConfGetValueString(conf, #val "_tls_x509_cert_dir", \
                                   &cfg->val## TLSx509certdir)) < 0) \
             goto cleanup; \
@@ -1056,6 +1056,28 @@ virQEMUDriverConfigValidate(virQEMUDriverConfigPtr cfg)
 }
 
 
+int
+virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg)
+{
+    int ret = -1;
+
+#define SET_TLS_VERIFY_DEFAULT(val) \
+    do { \
+        if (!cfg->val## TLSx509verifyPresent) \
+            cfg->val## TLSx509verify = cfg->defaultTLSx509verify; \
+    } while (0)
+
+    SET_TLS_VERIFY_DEFAULT(vnc);
+    SET_TLS_VERIFY_DEFAULT(chardev);
+    SET_TLS_VERIFY_DEFAULT(migrate);
+
+#undef SET_TLS_VERIFY_DEFAULT
+
+    ret = 0;
+    return ret;
+}
+
+
 virQEMUDriverConfigPtr virQEMUDriverGetConfig(virQEMUDriverPtr driver)
 {
     virQEMUDriverConfigPtr conf;
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 1013cfcaed..87e730058b 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -122,6 +122,7 @@ struct _virQEMUDriverConfig {
     bool vncAutoUnixSocket;
     bool vncTLS;
     bool vncTLSx509verify;
+    bool vncTLSx509verifyPresent;
     bool vncSASL;
     char *vncTLSx509certdir;
     char *vncListen;
@@ -139,10 +140,12 @@ struct _virQEMUDriverConfig {
     bool chardevTLS;
     char *chardevTLSx509certdir;
     bool chardevTLSx509verify;
+    bool chardevTLSx509verifyPresent;
     char *chardevTLSx509secretUUID;
 
     char *migrateTLSx509certdir;
     bool migrateTLSx509verify;
+    bool migrateTLSx509verifyPresent;
     char *migrateTLSx509secretUUID;
 
     unsigned int remotePortMin;
@@ -317,6 +320,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
 int
 virQEMUDriverConfigValidate(virQEMUDriverConfigPtr cfg);
 
+int
+virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg);
+
 virQEMUDriverConfigPtr virQEMUDriverGetConfig(virQEMUDriverPtr driver);
 bool virQEMUDriverIsPrivileged(virQEMUDriverPtr driver);
 
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 1d961707cc..5032edec50 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -628,6 +628,9 @@ qemuStateInitialize(bool privileged,
     if (virQEMUDriverConfigValidate(cfg) < 0)
         goto error;
 
+    if (virQEMUDriverConfigSetDefaults(cfg) < 0)
+        goto error;
+
     if (virFileMakePath(cfg->stateDir) < 0) {
         virReportSystemError(errno, _("Failed to create state dir %s"),
                              cfg->stateDir);