user CA adds use same policy as Context Verify for verification

src/internal.c

@@ -4278,8 +4278,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 return MEMORY_E;
             XMEMCPY(add.buffer, myCert.buffer, myCert.length);
 
-            ret = AddCA(ssl->ctx->cm, add, WOLFSSL_CHAIN_CA,
-                        ssl->ctx->verifyPeer);
+            /* already verified above */
+            ret = AddCA(ssl->ctx->cm, add, WOLFSSL_CHAIN_CA, 0);
             if (ret == 1) ret = 0;   /* SSL_SUCCESS for external */
         }
         else if (ret != 0) {

src/ssl.c

@@ -2843,7 +2843,8 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
             XFREE(der.buffer, heap, dynamicType);
             return BAD_FUNC_ARG;
         }
-        return AddCA(ctx->cm, der, WOLFSSL_USER_CA, ctx->verifyPeer);
+        /* verify CA unless user set to no verify */
+        return AddCA(ctx->cm, der, WOLFSSL_USER_CA, !ctx->verifyNone);
                                                       /* takes der over */
     }
     else if (type == CERT_TYPE) {