From 976b6ae97cbf7d3e2d312dcdfef6b023674a701e Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki <hide@wolfssl.com>
Date: Thu, 27 May 2021 14:54:32 +0900
Subject: [PATCH] not push CA, revert error code when being OpensslExtra mode

---
 src/internal.c |  6 ++++++
 src/ssl.c      | 10 +++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 18732349d..e397490f8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -19048,6 +19048,12 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 #else
 
     int error = (int)e;
+#ifdef OPENSSL_EXTRA
+    /* OpenSSL uses positive error codes */
+    if (error > 0) {
+        error = -error;
+    }
+#endif
 
     /* pass to wolfCrypt */
     if (error < MAX_CODE_E && error > MIN_CODE_E) {
diff --git a/src/ssl.c b/src/ssl.c
index b603b035b..5c7d845c4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -18791,11 +18791,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
         }
         ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,
                              ssl->session.chain.certs[i].length);
-        if (ret == 0 && 
-#if defined(WOLFSSL_QT)
-            ssl->options.side == WOLFSSL_CLIENT_END &&
-#endif
-            i == ssl->session.chain.count-1) {
+#if !defined(WOLFSSL_QT)
+        if (ret == 0 && i == ssl->session.chain.count-1) {
             /* On the last element in the chain try to add the CA chain
              * first if we have one for this cert */
             if (pushCAx509Chain(ssl->ctx->cm, x509, sk)
@@ -18803,6 +18800,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
                 ret = WOLFSSL_FATAL_ERROR;
             }
         }
+#else
+        (void)pushCAx509Chain;
+#endif
 
         if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Error decoding cert");