diff --git a/src/ssl.c b/src/ssl.c
index deab93ea9..549ff6929 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -17076,10 +17076,22 @@ cleanup:
         }
         else {
             int idx = wc_GetCurrentIdx();
-            if (idx > 0) {
-                idx = idx -1;
+            if (idx < 0) {
+                WOLFSSL_MSG("Error with getting current index!");
+                ret = BAD_STATE_E;
+                WOLFSSL_LEAVE("wolfSSL_ERR_get_error", ret);
+
+                /* panic and try to clear out nodes and reset queue state */
+                wc_ClearErrorNodes();
+            }
+            else if (idx > 0) {
+                idx -= 1;
+                wc_RemoveErrorNode(idx);
+            }
+            else {
+                /* if current idx is 0 then the queue only had one node */
+                wc_RemoveErrorNode(idx);
             }
-            wc_RemoveErrorNode(idx);
         }
 
         return ret;
diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
index 02d89cef5..9aa08bb9e 100644
--- a/wolfcrypt/src/logging.c
+++ b/wolfcrypt/src/logging.c
@@ -812,8 +812,10 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
 #endif
 }
 
-/* returns the current index into the queue, can be greater than zero in cases
- * where wc_PullErrorNode() has been callded. */
+/* returns the current index into the queue, which is the node that
+ * wc_current_node is pointing to. It can be greater than zero in cases
+ * where wc_PullErrorNode() has been called without the node having been
+ * removed. */
 int wc_GetCurrentIdx()
 {
     int ret = 0;