diff --git a/configure.ac b/configure.ac
index d5c36b45a..463835db1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -181,7 +181,7 @@ AC_ARG_ENABLE([fortress],
 
 if test "$ENABLED_FORTRESS" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
+    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DCYASSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
 fi
 
 
diff --git a/cyassl/test.h b/cyassl/test.h
index 3d82aa7b3..e0943a7b9 100644
--- a/cyassl/test.h
+++ b/cyassl/test.h
@@ -863,6 +863,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
 
 static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 {
+    (void)preverify;
     char buffer[CYASSL_MAX_ERROR_SZ];
 
 #ifdef OPENSSL_EXTRA
diff --git a/src/internal.c b/src/internal.c
index 4606115a9..0f55ca980 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3391,7 +3391,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
         }
         ssl->error = ret;
     }
-#ifdef FORTRESS
+#ifdef CYASSL_ALWAYS_VERIFY_CB
     else {
         if (ssl->verifyCallback) {
             int ok;
@@ -3402,7 +3402,9 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
             store.discardSessionCerts = 0;
             store.domain = domain;
             store.userCtx = ssl->verifyCbCtx;
+#ifdef KEEP_PEER_CERT
             store.current_cert = &ssl->peerCert;
+#endif
             store.ex_data = ssl;
 
             ok = ssl->verifyCallback(1, &store);