diff --git a/src/lib/http.c b/src/lib/http.c
index bc0a9af..7b0a94c 100644
--- a/src/lib/http.c
+++ b/src/lib/http.c
@@ -134,10 +134,10 @@ int rfc3161_handler(struct mg_connection *conn, void *context) {
         log_hex(ct, LOG_DEBUG, "query hexdump content", (unsigned char *)query,
                 request_info->content_length);
 
-        int ts_resp = create_response(ct, query, query_len, ct->ts_ctx,
-                                      &content_length, &content, &serial_id);
-        if (ts_resp) {
-            resp_code = 200;
+        resp_code = create_response(ct, query, query_len, ct->ts_ctx,
+                                    &content_length, &content, &serial_id);
+        switch (resp_code) {
+        case 200:
             mg_printf(conn,
                       "HTTP/1.1 200 OK\r\n"
                       "Content-Type: application/timestamp-reply\r\n"
@@ -147,8 +147,16 @@ int rfc3161_handler(struct mg_connection *conn, void *context) {
             mg_write(conn, content, content_length);
             log_hex(ct, LOG_DEBUG, "response hexdump content", content,
                     content_length);
-        } else {
-            resp_code = 500;
+            break;
+        case 400:
+            mg_printf(conn,
+                      "HTTP/1.1 400 Bad Request\r\n"
+                      "Content-Type: text/plain\r\n"
+                      "Content-Length: 12\r\n" // Always set Content-Length
+                      "\r\n"
+                      "client error");
+            break;
+        default:
             mg_printf(conn,
                       "HTTP/1.1 500 Internal Server Error\r\n"
                       "Content-Type: text/plain\r\n"
diff --git a/src/lib/rfc3161.c b/src/lib/rfc3161.c
index b00b121..844f224 100644
--- a/src/lib/rfc3161.c
+++ b/src/lib/rfc3161.c
@@ -263,44 +263,44 @@ end:
         uts_logger(ct, LOG_INFO,
                    "timestamp request granted (response serial '%s...')",
                    *serial_id);
-        ret = 1;
+        ret = 200;
         break;
     case TS_STATUS_GRANTED_WITH_MODS:
         uts_logger(ct, LOG_NOTICE, "timestamp request granted with "
                                    "modification (response serial '%s...')",
                    *serial_id);
-        ret = 1;
+        ret = 200;
         break;
     case TS_STATUS_REJECTION:
         uts_logger(ct, LOG_WARNING,
                    "timestamp request rejected (response serial '%s...')",
                    *serial_id);
-        ret = 0;
+        ret = 400;
         break;
     case TS_STATUS_WAITING:
         uts_logger(ct, LOG_NOTICE,
                    "timestamp request waiting (response serial '%s...')",
                    *serial_id);
-        ret = 0;
+        ret = 400;
         break;
     case TS_STATUS_REVOCATION_WARNING:
         uts_logger(
             ct, LOG_WARNING,
             "timestamp request revocation warning (response serial '%s...')",
             *serial_id);
-        ret = 0;
+        ret = 200;
         break;
     case TS_STATUS_REVOCATION_NOTIFICATION:
         uts_logger(ct, LOG_NOTICE, "timestamp request revovation notification "
                                    "(response serial '%s...')",
                    *serial_id);
-        ret = 0;
+        ret = 500;
         break;
     default:
         uts_logger(ct, LOG_ERR,
                    "unknown error code '%d' (response serial '%s...')", status,
                    *serial_id);
-        ret = 0;
+        ret = 500;
     }
 
     // log the openssl errors