diff --git a/configure.ac b/configure.ac index 9b640dd8e..1affa4a55 100644 --- a/configure.ac +++ b/configure.ac @@ -793,6 +793,7 @@ AC_ARG_ENABLE([mcast], # HAVE_POCO_LIB # WOLFSSL_MYSQL_COMPATIBLE # web server (--enable-webserver) HAVE_WEBSERVER +# net-snmp (--enable-net-snmp) # Bind DNS compatibility Build @@ -890,6 +891,13 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH -DHAVE_EX_DATA -DWOLFSSL_BASE16" fi +# net-snmp Build +AC_ARG_ENABLE([net-snmp], + [AS_HELP_STRING([--enable-net-snmp],[Enable net-snmp (default: disabled)])], + [ ENABLED_NETSNMP=$enableval ], + [ ENABLED_NETSNMP=no ] + ) + #IP alternative name Support AC_ARG_ENABLE([ip-alt-name], [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])], @@ -957,7 +965,7 @@ AC_ARG_ENABLE([opensslall], [ ENABLED_OPENSSLALL=$enableval ], [ ENABLED_OPENSSLALL=no ] ) -if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" == "yes" +if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" == "yes" || test "$ENABLED_NETSNMP" = "yes" then ENABLED_OPENSSLALL="yes" fi @@ -1880,7 +1888,7 @@ AC_ARG_ENABLE([sessioncerts], [ ENABLED_SESSIONCERTS=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" then ENABLED_SESSIONCERTS=yes fi 
@@ -3014,7 +3022,7 @@ AC_ARG_ENABLE([des3], [ ENABLED_DES3=no ] ) -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_LIBSSH2" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" then ENABLED_DES3="yes" fi @@ -3121,8 +3129,7 @@ AC_ARG_ENABLE([xts], AS_IF([test "x$ENABLED_XTS" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"]) - - + # Web Server Build AC_ARG_ENABLE([webserver], [AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])], @@ -3525,7 +3532,7 @@ AC_ARG_ENABLE([crl], ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" then ENABLED_CRL=yes fi @@ -4384,6 +4391,23 @@ then fi +if test "$ENABLED_NETSNMP" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" + + if test "x$ENABLED_AESCFB" = "xno" + then + ENABLED_AESCFB="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB" + fi + + if test "x$ENABLED_DTLS" = "xno" + then + ENABLED_DTLS="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS" + fi +fi + if test "$ENABLED_SIGNAL" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT" diff --git a/src/ssl.c b/src/ssl.c index d147854f4..bd8bfdd46 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24076,7 +24076,6 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4) #endif /* NO_MD4 */ - #ifndef NO_WOLFSSL_STUB void wolfSSL_RAND_screen(void) { 
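Review bot: `--enable-net-snmp` now forces `ENABLED_DES3="yes"` in this test, which overrides an explicit `--disable-des3`, and the option's help string (`Enable net-snmp (default: disabled)`) gives no hint that a legacy cipher gets compiled in. Add a comment at this test saying why net-snmp needs 3DES, and list the implied features in the help text or in the options comment block so that builders who disabled DES3 by policy notice the change. The same forcing pattern appears in the opensslall, sessioncerts and CRL hunks of this file.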
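Review bot: The late `if test "$ENABLED_NETSNMP" = "yes"` block flips `ENABLED_AESCFB` and `ENABLED_DTLS` to yes but appends only `-DWOLFSSL_AES_CFB` and `-DWOLFSSL_DTLS`. Anything the earlier AES-CFB and DTLS option sections derive from those variables (not visible in this hunk) has already been evaluated with "no". The `= "xno"` tests also do nothing if either variable is still empty at this point. Consider forcing both variables right after `AC_ARG_ENABLE([net-snmp], ...)`, before their own sections run, or add a comment here stating that the two defines are all that is required. `-DHAVE_EX_DATA` is appended unconditionally and may duplicate the flag when another option already added it.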
@@ -55002,15 +55001,45 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str) { WOLFSSL_BIO *bio; + const char* port; WOLFSSL_ENTER("wolfSSL_BIO_new_connect"); bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); if (bio) { - bio->ip = str; + port = XSTRSTR(str, ":"); + + if (port != NULL) + bio->port = (word16)XATOI(port + 1); + else + port = str + XSTRLEN(str); /* point to null terminator */ + + bio->ip = (char*)XMALLOC((port - str) + 1, /* +1 for null char */ + bio->heap, DYNAMIC_TYPE_OPENSSL); + XMEMCPY(bio->ip, str, port - str); + bio->ip[port - str] = '\0'; bio->type = WOLFSSL_BIO_SOCKET; } return bio; } + /** + * Create new socket BIO object. This is a pure TCP connection with + * no SSL or TLS protection. + * @param str IP address to connect to + * @return New BIO object or NULL on failure + */ + WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port) + { + WOLFSSL_BIO *bio; + WOLFSSL_ENTER("wolfSSL_BIO_new_accept"); + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); + if (bio) { + bio->port = (word16)XATOI(port); + bio->type = WOLFSSL_BIO_SOCKET; + } + return bio; + } + + /** * Set the port to connect to in the BIO object * @param b BIO object 
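Review bot: The result of `XMALLOC` in wolfSSL_BIO_new_connect goes straight into `XMEMCPY` and `bio->ip[port - str] = '\0'`, so an allocation failure becomes a NULL write, and `str` is now dereferenced by `XSTRSTR` without a NULL check, which the old pointer-storing code never did. wolfSSL_BIO_new_accept has the same gap with `XATOI(port)` when `port` is NULL. Both `(word16)XATOI(...)` casts silently truncate out-of-range values, and splitting on the first ':' cannot handle a bare IPv6 literal, which the function comment should state. The doc comment added above wolfSSL_BIO_new_accept still reads `@param str IP address to connect to` although the parameter is `port`.

```c
WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str)
{
    /* … unchanged: declarations, WOLFSSL_ENTER … */
    if (str == NULL)
        return NULL;
    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket());
    if (bio) {
        /* … unchanged: locate ':' and set bio->port … */
        bio->ip = (char*)XMALLOC((port - str) + 1, /* +1 for null char */
                bio->heap, DYNAMIC_TYPE_OPENSSL);
        if (bio->ip == NULL) {
            WOLFSSL_MSG("XMALLOC failed for BIO ip");
            wolfSSL_BIO_free(bio);
            return NULL;
        }
        /* … unchanged: XMEMCPY, terminator, bio->type … */
```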
@@ -55070,6 +55099,64 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) b->shutdown = BIO_CLOSE; return WOLFSSL_SUCCESS; } + +#ifdef HAVE_SOCKADDR + int wolfSSL_BIO_do_accept(WOLFSSL_BIO *b) + { + SOCKET_T sfd = SOCKET_INVALID; + WOLFSSL_ENTER("wolfSSL_BIO_do_accept"); + + if (!b) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + while (b && b->type != WOLFSSL_BIO_SOCKET) + b = b->next; + + if (!b) { + WOLFSSL_ENTER("No socket BIO in chain"); + return WOLFSSL_FAILURE; + } + + if (b->num == SOCKET_INVALID) { + if (wolfIO_TcpBind(&sfd, b->port) < 0) { + WOLFSSL_ENTER("wolfIO_TcpBind error"); + return WOLFSSL_FAILURE; + } + b->num = sfd; + b->shutdown = BIO_CLOSE; + } + else { + WOLFSSL_BIO* new_bio; + int newfd = wolfIO_TcpAccept(b->num, NULL, NULL); + if (newfd < 0) { + WOLFSSL_ENTER("wolfIO_TcpBind error"); + return WOLFSSL_FAILURE; + } + /* Create a socket BIO for using the accept'ed connection */ + new_bio = wolfSSL_BIO_new_socket(newfd, BIO_CLOSE); + if (new_bio == NULL) { + WOLFSSL_ENTER("wolfSSL_BIO_new_socket error"); + CloseSocket(newfd); + return WOLFSSL_FAILURE; + } + wolfSSL_BIO_set_callback(new_bio, + wolfSSL_BIO_get_callback(b)); + wolfSSL_BIO_set_callback_arg(new_bio, + wolfSSL_BIO_get_callback_arg(b)); + /* Push onto bio chain for user retrieval */ + if (wolfSSL_BIO_push(b, new_bio) == NULL) { + WOLFSSL_ENTER("wolfSSL_BIO_push error"); + /* newfd is closed when bio is free'd */ + wolfSSL_BIO_free(new_bio); + return WOLFSSL_FAILURE; + } + } + + return WOLFSSL_SUCCESS; + } +#endif /* HAVE_SOCKADDR */ #endif /* HAVE_HTTP_CLIENT */ int wolfSSL_BIO_eof(WOLFSSL_BIO* b) 
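Review bot: The failure branches in wolfSSL_BIO_do_accept log through `WOLFSSL_ENTER(...)`, which records a function entry rather than an error, and the accept failure is labelled "wolfIO_TcpBind error", so a failed accept cannot be told apart from a failed bind in debug logs. Use `WOLFSSL_MSG` as the `Bad parameter` branch does, for example `WOLFSSL_MSG("wolfIO_TcpAccept error");` after the `newfd < 0` check. `newfd` is an `int` while the listening side uses `SOCKET_T`; if SOCKET_T is wider or unsigned on some targets, the `< 0` test may miss a failed accept there, so comparing against `SOCKET_INVALID` would match the rest of the hunk.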
@@ -55165,7 +55252,7 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) bio->method = method; #endif bio->shutdown = BIO_CLOSE; /* default to close things */ - bio->num = -1; /* Default to invalid socket */ + bio->num = SOCKET_INVALID; /* Default to invalid socket */ bio->init = 1; if (method->type != WOLFSSL_BIO_FILE && method->type != WOLFSSL_BIO_SOCKET && @@ -55263,13 +55350,17 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) bio->pair->pair = NULL; } + if (bio->ip != NULL) { + XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); + } + if (bio->shutdown) { if (bio->type == WOLFSSL_BIO_SSL && bio->ptr) wolfSSL_free((WOLFSSL*)bio->ptr); #ifdef CloseSocket if (bio->type == WOLFSSL_BIO_SOCKET && bio->num) CloseSocket(bio->num); - #endif + #endif } #ifndef NO_FILESYSTEM @@ -55279,7 +55370,7 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) } #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - else if (bio->num != -1) { + else if (bio->num != SOCKET_INVALID) { XCLOSE(bio->num); } #endif @@ -55440,6 +55531,19 @@ int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data) return WOLFSSL_FAILURE; } +int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd) +{ + WOLFSSL_ENTER("wolfSSL_BIO_get_fd"); + + if (bio != NULL) { + if (fd != NULL) + *fd = bio->num; + return bio->num; + } + + return SOCKET_INVALID; +} + #ifdef HAVE_EX_DATA_CLEANUP_HOOKS /* Set ex_data for WOLFSSL_BIO * diff --git a/src/wolfio.c b/src/wolfio.c index 5be99ed0a..6f544bb62 100644 --- a/src/wolfio.c +++ b/src/wolfio.c 
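Review bot: The socket close in this free path still tests `bio->num` for truthiness (`bio->type == WOLFSSL_BIO_SOCKET && bio->num`), while the commit moves the default value and the file branch to `SOCKET_INVALID`. A socket BIO that was never connected or bound therefore appears to reach `CloseSocket` with the invalid value, and a descriptor of 0 would be skipped. `if (bio->type == WOLFSSL_BIO_SOCKET && bio->num != SOCKET_INVALID)` would agree with the comparison changed a few lines below. The enclosing function starts and ends outside the hunk.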
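Review bot: wolfSSL_BIO_get_fd has no header comment and returns `bio->num` for every BIO type without looking at `bio->type`. If `num` is a descriptor only for socket and file BIOs (not visible in this hunk), a caller passing another BIO type gets an unrelated number instead of an invalid-descriptor value, so a type check before the return would be safer. A short comment would record the contract, for example `/* Returns the descriptor held by the BIO, or SOCKET_INVALID if bio is NULL; also stored in *fd when fd is not NULL. */`.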
@@ -862,6 +862,67 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #endif /* HAVE_SOCKADDR */ } +int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port) +{ +#ifdef HAVE_SOCKADDR + int ret = 0; + SOCKADDR_S addr; + int sockaddr_len = sizeof(SOCKADDR_IN); + SOCKADDR_IN *sin = (SOCKADDR_IN *)&addr; + + if (sockfd == NULL || port < 1) { + return -1; + } + + XMEMSET(&addr, 0, sizeof(addr)); + + sin->sin_family = AF_INET; + sin->sin_addr.s_addr = INADDR_ANY; + sin->sin_port = XHTONS(port); + *sockfd = (SOCKET_T)socket(AF_INET, SOCK_STREAM, 0); + + if (*sockfd < 0) { + WOLFSSL_MSG("socket failed"); + *sockfd = SOCKET_INVALID; + return -1; + } + +#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\ + && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR) + { + int optval = 1; + XSOCKLENT optlen = sizeof(optval); + ret = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &optval, optlen); + } +#endif + + if (ret == 0) + ret = bind(*sockfd, (SOCKADDR *)sin, sockaddr_len); + if (ret == 0) + ret = listen(*sockfd, SOMAXCONN); + + if (ret != 0) { + WOLFSSL_MSG("wolfIO_TcpBind failed"); + CloseSocket(*sockfd); + *sockfd = SOCKET_INVALID; + ret = -1; + } + + return ret; +#else + (void)sockfd; + (void)port; + return -1; +#endif /* HAVE_SOCKADDR */ +} + +#ifdef HAVE_SOCKADDR +int wolfIO_TcpAccept(SOCKET_T sockfd, SOCKADDR* peer_addr, XSOCKLENT* peer_len) +{ + return accept(sockfd, peer_addr, peer_len); +} +#endif /* HAVE_SOCKADDR */ + #ifndef HTTP_SCRATCH_BUFFER_SIZE #define HTTP_SCRATCH_BUFFER_SIZE 512 #endif diff --git a/tests/api.c b/tests/api.c index 9f4ce681b..9ba0f9dc4 100644 --- a/tests/api.c +++ b/tests/api.c 
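Review bot: wolfIO_TcpBind always binds to `INADDR_ANY` over `AF_INET`, so every listener created through it, including one from `BIO_new_accept`, is reachable on all IPv4 interfaces and the caller cannot restrict it to loopback or a single address. That exposure should be stated in a function comment, for example `/* Creates an IPv4 TCP listener on INADDR_ANY:port with SO_REUSEADDR; returns 0 and sets *sockfd, or -1 with *sockfd = SOCKET_INVALID. */`. The `*sockfd < 0` test after `socket()` can never be true where SOCKET_T is unsigned, so comparing with `SOCKET_INVALID` would be more portable if that is the case on any target. wolfIO_TcpAccept returns the result of `accept()` as `int`, which raises the same concern.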
@@ -35207,6 +35207,88 @@ static void test_wolfSSL_BIO_connect(void) join_thread(serverThread); FreeTcpReady(&ready); +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + printf(resultFmt, passed); +#endif +} + +#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT) +static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args) +{ + BIO* clientBio; + SSL* sslClient; + SSL_CTX* ctx; + char connectAddr[20]; /* IP + port */; + + (void)args; + + AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0); + AssertNotNull(clientBio = BIO_new_connect(connectAddr)); + AssertIntEQ(BIO_do_connect(clientBio), 1); + AssertNotNull(ctx = SSL_CTX_new(SSLv23_method())); + AssertNotNull(sslClient = SSL_new(ctx)); + AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); + SSL_set_bio(sslClient, clientBio, clientBio); + AssertIntEQ(SSL_connect(sslClient), 1); + + SSL_free(sslClient); + SSL_CTX_free(ctx); + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + return 0; +} +#endif + +static void test_wolfSSL_BIO_accept(void) +{ +#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT) + + BIO* serverBindBio; + BIO* serverAcceptBio; + SSL* sslServer; + SSL_CTX* ctx; + func_args args; + THREAD_TYPE thread; + char port[10]; /* 10 bytes should be enough to store the string + * representation of the port */ + + printf(testingFmt, "wolfSSL_BIO_new_accept()"); + + AssertIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0); + AssertNotNull(serverBindBio = BIO_new_accept(port)); + + /* First BIO_do_accept binds the port */ + AssertIntEQ(BIO_do_accept(serverBindBio), 1); + + XMEMSET(&args, 0, sizeof(func_args)); + start_thread(test_wolfSSL_BIO_accept_client, &args, &thread); + + 
AssertIntEQ(BIO_do_accept(serverBindBio), 1); + /* Let's plug it into SSL to test */ + AssertNotNull(ctx = SSL_CTX_new(SSLv23_method())); + AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + AssertNotNull(sslServer = SSL_new(ctx)); + AssertNotNull(serverAcceptBio = BIO_pop(serverBindBio)); + SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio); + AssertIntEQ(SSL_accept(sslServer), 1); + + join_thread(thread); + + BIO_free(serverBindBio); + SSL_free(sslServer); + SSL_CTX_free(ctx); + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + printf(resultFmt, passed); #endif } @@ -47191,6 +47273,7 @@ void ApiTest(void) test_wolfSSL_d2i_PUBKEY(); test_wolfSSL_BIO_write(); test_wolfSSL_BIO_connect(); + test_wolfSSL_BIO_accept(); test_wolfSSL_BIO_printf(); test_wolfSSL_BIO_f_md(); #endif diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h index 89ce4597f..69368e942 100644 --- a/wolfssl/openssl/bio.h +++ b/wolfssl/openssl/bio.h @@ -109,6 +109,8 @@ #define BIO_get_shutdown wolfSSL_BIO_get_shutdown #define BIO_set_shutdown wolfSSL_BIO_set_shutdown +#define BIO_get_fd wolfSSL_BIO_get_fd + #define BIO_clear_flags wolfSSL_BIO_clear_flags #define BIO_set_ex_data wolfSSL_BIO_set_ex_data #define BIO_get_ex_data wolfSSL_BIO_get_ex_data diff --git a/wolfssl/openssl/compat_types.h b/wolfssl/openssl/compat_types.h new file mode 100644 index 000000000..8d80cebbd --- /dev/null +++ b/wolfssl/openssl/compat_types.h 
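Review bot: Both `snprintf` calls in the new test are only asserted to be positive (`AssertIntGT(snprintf(...), 0)`), which also passes when the output was truncated. With `connectAddr[20]` a longer address would silently connect to a clipped "ip:port" string, so the return value should also be asserted to be smaller than `sizeof(connectAddr)` (and `sizeof(port)` in the server half). The declaration `char connectAddr[20]; /* IP + port */;` carries a stray trailing semicolon. This hunk starts in the preceding part of the diff.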
@@ -0,0 +1,40 @@ +/* compat_types.h + * + * Copyright (C) 2006-2021 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* + * Move types that cause cyclical dependency errors here. + */ + +#ifndef WOLFSSL_OPENSSL_COMPAT_TYPES_H_ +#define WOLFSSL_OPENSSL_COMPAT_TYPES_H_ + +#include +#include +#include + +typedef struct WOLFSSL_HMAC_CTX { + Hmac hmac; + int type; + word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ + word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; +} WOLFSSL_HMAC_CTX; + +#endif /* WOLFSSL_OPENSSL_COMPAT_TYPES_H_ */ diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h index 6ddf2d284..319b1872e 100644 --- a/wolfssl/openssl/err.h +++ b/wolfssl/openssl/err.h @@ -37,6 +37,8 @@ #define RSA_R_UNKNOWN_PADDING_TYPE RSA_PAD_E #define EC_R_BUFFER_TOO_SMALL BUFFER_E +#define ERR_TXT_MALLOCED 1 + /* SSL function codes */ #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 1 #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2 diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index ec1ffdfd3..88f362892 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h 
@@ -768,6 +768,9 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_aes_128_cfb128 wolfSSL_EVP_aes_128_cfb128 #define EVP_aes_192_cfb128 wolfSSL_EVP_aes_192_cfb128 #define EVP_aes_256_cfb128 wolfSSL_EVP_aes_256_cfb128 +#define EVP_aes_128_cfb wolfSSL_EVP_aes_128_cfb128 +#define EVP_aes_192_cfb wolfSSL_EVP_aes_192_cfb128 +#define EVP_aes_256_cfb wolfSSL_EVP_aes_256_cfb128 #define EVP_aes_128_ofb wolfSSL_EVP_aes_128_ofb #define EVP_aes_192_ofb wolfSSL_EVP_aes_192_ofb #define EVP_aes_256_ofb wolfSSL_EVP_aes_256_ofb diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h index 99b39be7f..9551fc1da 100644 --- a/wolfssl/openssl/hmac.h +++ b/wolfssl/openssl/hmac.h @@ -35,15 +35,7 @@ #include "prefix_hmac.h" #endif -#include - -typedef struct WOLFSSL_HMAC_CTX { - Hmac hmac; - int type; - word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ - word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; -} WOLFSSL_HMAC_CTX; - +#include #include #include diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index deeb9bdac..c4607966a 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -10,6 +10,7 @@ nobase_include_HEADERS+= \ wolfssl/openssl/buffer.h \ wolfssl/openssl/cmac.h \ wolfssl/openssl/cms.h \ + wolfssl/openssl/compat_types.h \ wolfssl/openssl/conf.h \ wolfssl/openssl/crypto.h \ wolfssl/openssl/des.h \ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a5aec1fa5..d5fef61c4 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
@@ -717,8 +717,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define BIO_f_ssl wolfSSL_BIO_f_ssl #define BIO_new_socket wolfSSL_BIO_new_socket #define BIO_new_connect wolfSSL_BIO_new_connect +#define BIO_new_accept wolfSSL_BIO_new_accept #define BIO_set_conn_port wolfSSL_BIO_set_conn_port #define BIO_do_connect wolfSSL_BIO_do_connect +#define BIO_do_accept wolfSSL_BIO_do_accept #define BIO_do_handshake wolfSSL_BIO_do_handshake #define SSL_set_bio wolfSSL_set_bio #define BIO_set_ssl wolfSSL_BIO_set_ssl diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h index bf7ae25e3..a4ab4eace 100644 --- a/wolfssl/openssl/x509.h +++ b/wolfssl/openssl/x509.h @@ -1,5 +1,29 @@ +/* x509.h + * + * Copyright (C) 2006-2021 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + /* x509.h for openssl */ +#ifndef WOLFSSL_OPENSSL_509_H_ +#define WOLFSSL_OPENSSL_509_H_ + #include #include #include @@ -42,3 +66,5 @@ #define XN_FLAG_FN_ALIGN (1 << 25) #define XN_FLAG_MULTILINE 0xFFFF + +#endif /* WOLFSSL_OPENSSL_509_H_ */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index a7c901bd6..29b97ea4e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -87,6 +87,7 @@ #endif #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + #include #include #include @@ -426,7 +427,6 @@ struct WOLFSSL_X509_PUBKEY { int pubKeyOID; }; - enum BIO_TYPE { WOLFSSL_BIO_BUFFER = 1, WOLFSSL_BIO_SOCKET = 2, @@ -504,7 +504,7 @@ struct WOLFSSL_BIO { void* heap; /* user heap hint */ void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */ void* usrCtx; /* user set pointer */ - const char* ip; /* IP address for wolfIO_TcpConnect */ + char* ip; /* IP address for wolfIO_TcpConnect */ word16 port; /* Port for wolfIO_TcpConnect */ char* infoArg; /* BIO callback argument */ wolf_bio_info_cb infoCb; /* BIO callback */ @@ -1450,6 +1450,7 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void); WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int); WOLFSSL_API void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags); +WOLFSSL_API int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd); WOLFSSL_API int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data); #ifdef HAVE_EX_DATA_CLEANUP_HOOKS WOLFSSL_API int wolfSSL_BIO_set_ex_data_with_cleanup( @@ -1498,8 +1499,10 @@ WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); +WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port); WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port); WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b); +WOLFSSL_API int wolfSSL_BIO_do_accept(WOLFSSL_BIO *b); WOLFSSL_API long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b); diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index a233b6322..a6363f5cf 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h 
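Review bot: Dropping `const` from `ip` turns the field into memory that the BIO owns and frees, but the comment still reads only `IP address for wolfIO_TcpConnect`. Any other code that stores a caller-supplied or static string in `bio->ip` (none is visible in this diff) would now have that pointer passed to `XFREE` when the BIO is freed. Document the ownership at the field, for example `char* ip; /* IP address for wolfIO_TcpConnect; heap-allocated, freed with the BIO */`. The struct starts and ends outside the hunk.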
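Review bot: `wolfSSL_BIO_do_accept` is declared here with no guard visible in the hunk, but its definition in src/ssl.c sits inside `#ifdef HAVE_SOCKADDR` and before `#endif /* HAVE_HTTP_CLIENT */`. Builds lacking either macro would then get the prototype and the `BIO_do_accept` macro with no symbol behind them. wolfio.h guards `wolfIO_TcpAccept` with `#ifdef HAVE_SOCKADDR` in this same commit; either guard this prototype the same way or provide a fallback definition that returns `WOLFSSL_FAILURE` when sockets are unavailable.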
@@ -373,6 +373,10 @@ #endif WOLFSSL_API int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, unsigned short port, int to_sec); +#ifdef HAVE_SOCKADDR +WOLFSSL_API int wolfIO_TcpAccept(SOCKET_T sockfd, SOCKADDR* peer_addr, XSOCKLENT* peer_len); +#endif +WOLFSSL_API int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port); WOLFSSL_API int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags); WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);