diff --git a/matrix/fetch.cc b/matrix/fetch.cc
index 2d3b6fb43..b20f768a7 100644
--- a/matrix/fetch.cc
+++ b/matrix/fetch.cc
@@ -955,7 +955,7 @@ ircd::m::fetch::_check_event(const request &request,
 			&& json::get<"origin"_>(event) == request.origin
 		};
 
-		if(authoritative_redaction)
+		if(authoritative_redaction || !mismatch_hashes)
 			conforms.del(m::event::conforms::MISMATCH_HASHES);
 
 		thread_local char buf[128];
diff --git a/matrix/vm_fetch.cc b/matrix/vm_fetch.cc
index 8dbea6a3c..13d50a80a 100644
--- a/matrix/vm_fetch.cc
+++ b/matrix/vm_fetch.cc
@@ -259,6 +259,7 @@ try
 	opts.op = m::fetch::op::auth;
 	opts.room_id = room.room_id;
 	opts.event_id = room.event_id;
+	opts.check_hashes = false;
 
 	// Figure out a remote hint as the primary target to request the missing
 	// auth events from; if provided, m::fetch will ask this remote first. We
@@ -347,11 +348,6 @@ try
 	opts.warnlog &= ~vm::fault::EXISTS;
 	opts.notify_servers = false;
 
-	// The auth_chain fetch made by the caller won't give us events with
-	// a content hash mismatch unless they were obtained from an authoritative
-	// source. For this we can unconditionally allow hash mismatch from here.
-	opts.redacted = 1;
-
 	log::debug
 	{
 		log, "Evaluating auth chain for %s in %s events:%zu",