diff --git a/src/internal.c b/src/internal.c
index fc771dd47..5e8c67dd2 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -14284,6 +14284,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case ALERT_COUNT_E:
         return "Alert Count exceeded error";
 
+    case EXT_MISSING:
+        return "Required TLS extension missing";
+
     default :
         return "unknown error number";
     }
diff --git a/src/tls13.c b/src/tls13.c
index 4bf268138..50e830acf 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3759,6 +3759,8 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
     i += REQ_HEADER_SZ;
 #else
     ext = TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS);
+    if (ext == NULL)
+        return EXT_MISSING;
     ext->resp = 0;
 
     i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index e14bd949b..fd82947c6 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -163,6 +163,7 @@ enum wolfSSL_ErrorCodes {
     INVALID_PARAMETER            = -425,   /* Security parameter invalid */
     MCAST_HIGHWATER_CB_E         = -426,   /* Multicast highwater cb err */
     ALERT_COUNT_E                = -427,   /* Alert Count exceeded err */
+    EXT_MISSING                  = -428,   /* Required extension not found */
     /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
 
     /* begin negotiation parameter errors */