diff --git a/src/internal.c b/src/internal.c
index 2831d5e7c..c6bb0d1db 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6864,6 +6864,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         return MEMORY_E;
     }
 #endif
+    XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
 
     if (anyError != 0 && ret == 0)
         ret = anyError;
@@ -6882,6 +6883,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 store->discardSessionCerts = 0;
                 store->domain = domain;
                 store->userCtx = ssl->verifyCbCtx;
+                store->certs = certs;
+                store->totalCerts = totalCerts;
 #ifdef KEEP_PEER_CERT
                 store->current_cert = &ssl->peerCert;
 #else
@@ -6919,6 +6922,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             store->discardSessionCerts = 0;
             store->domain = domain;
             store->userCtx = ssl->verifyCbCtx;
+            store->certs = certs;
+            store->totalCerts = totalCerts;
 #ifdef KEEP_PEER_CERT
             store->current_cert = &ssl->peerCert;
 #endif
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index f6b6ad6e3..6e9b5f559 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1290,11 +1290,8 @@ WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
 
 
-/* wolfSSL buffer type */
-typedef struct buffer {
-    byte*  buffer;
-    word32 length;
-} buffer;
+/* wolfSSL buffer type - internal uses "buffer" type */
+typedef WOLFSSL_BUFFER_INFO buffer;
 
 #ifndef NO_CERTS
     /* wolfSSL DER buffer */
diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h
index af083410b..5331245c9 100644
--- a/wolfssl/ocsp.h
+++ b/wolfssl/ocsp.h
@@ -35,16 +35,15 @@
     extern "C" {
 #endif
 
-struct buffer;
 typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
 
 WOLFSSL_LOCAL int  InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
 WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
 
 WOLFSSL_LOCAL int  CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*,
-                                            struct buffer* responseBuffer);
+                                            WOLFSSL_BUFFER_INFO* responseBuffer);
 WOLFSSL_LOCAL int  CheckOcspRequest(WOLFSSL_OCSP* ocsp,
-                   OcspRequest* ocspRequest, struct buffer* responseBuffer);
+                   OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 30ff64912..8404ccff2 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -166,6 +166,11 @@ typedef struct WOLFSSL_X509_OBJECT {
     } data;
 } WOLFSSL_X509_OBJECT;
 
+typedef struct WOLFSSL_BUFFER_INFO {
+    unsigned char* buffer;
+    unsigned int length;
+} WOLFSSL_BUFFER_INFO;
+
 typedef struct WOLFSSL_X509_STORE_CTX {
     WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
     WOLFSSL_X509* current_cert;   /* stunnel dereference */
@@ -175,6 +180,8 @@ typedef struct WOLFSSL_X509_STORE_CTX {
     int   error;                 /* current error */
     int   error_depth;           /* cert depth for this error */
     int   discardSessionCerts;   /* so verify callback can flag for discard */
+    int   totalCerts;            /* number of peer cert buffers */
+    WOLFSSL_BUFFER_INFO* certs;  /* peer certs */
 } WOLFSSL_X509_STORE_CTX;
 
 
diff --git a/wolfssl/test.h b/wolfssl/test.h
index b6833009e..63b245479 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -371,7 +371,7 @@ static INLINE WC_NORETURN void err_sys(const char* msg)
      * msg pointer can be null even when hardcoded and then it won't exit,
      * making null pointer checks above the err_sys() call useless.
      * We could just always exit() but some compilers will complain about no
-     * possible return, with gcc we know the attribute to handle that with 
+     * possible return, with gcc we know the attribute to handle that with
      * WC_NORETURN. */
     if (msg)
 #endif
@@ -1143,17 +1143,28 @@ static INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
                                        wolfSSL_X509_get_issuer_name(peer), 0, 0);
         char* subject = wolfSSL_X509_NAME_oneline(
                                       wolfSSL_X509_get_subject_name(peer), 0, 0);
-        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
+        printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
                                                                   subject);
         XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
         XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
     }
     else
-        printf("peer has no cert!\n");
+        printf("\tPeer has no cert!\n");
+#else
+    printf("\tPeer certs: %d\n", store->totalCerts);
+    #ifdef VERIFY_CALLBACK_SHOW_PEER_CERTS
+    {   int i;
+        for (i=0; i<store->totalCerts; i++) {
+            WOLFSSL_BUFFER_INFO* cert = &store->certs[i];
+            printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length);
+        }
+    }
+    #endif
 #endif
-    printf("Subject's domain name is %s\n", store->domain);
 
-    printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n");
+    printf("\tSubject's domain name is %s\n", store->domain);
+
+    printf("\tAllowing to continue anyway (shouldn't do this, EVER!!!)\n");
     return 1;
 }
 
@@ -1267,7 +1278,7 @@ static INLINE void CaCb(unsigned char* der, int sz, int type)
 
     static INLINE int ChangeToWolfRoot(void)
     {
-        #if !defined(NO_FILESYSTEM) 
+        #if !defined(NO_FILESYSTEM)
             int depth, res;
             XFILE file;
             for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
@@ -1286,7 +1297,7 @@ static INLINE void CaCb(unsigned char* der, int sz, int type)
                     break;
                 }
             }
-        
+
             err_sys("wolf root not found");
             return -1;
         #else