From 126a570a37d739332d0708537f5ac07af9f71d27 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Fri, 12 Aug 2022 16:09:17 +0200
Subject: [PATCH 1/2] Add HAVE_WOLFSSL_MSG_EX define when WOLFSSL_MSG_EX is available
---
 src/x509_str.c | 4 ++++
 wolfssl/wolfcrypt/logging.h | 1 +
 2 files changed, 5 insertions(+)
diff --git a/src/x509_str.c b/src/x509_str.c
index 8a498a87a..5cd9af652 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -181,7 +181,11 @@ static int GetX509Error(int e)
 case ASN_SIG_KEY_E:
 return X509_V_ERR_CERT_SIGNATURE_FAILURE;
 default:
+#ifdef HAVE_WOLFSSL_MSG_EX
+ WOLFSSL_MSG_EX("Error not configured or implemented yet: %d", e);
+#else
 WOLFSSL_MSG("Error not configured or implemented yet");
+#endif
 return e;
 }
 }
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index 0b15db3b0..459d4f79e 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -164,6 +164,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
 WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void);
 #if !defined(_WIN32) && defined(XVSNPRINTF)
 WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
+ #define HAVE_WOLFSSL_MSG_EX
 #else
 #define WOLFSSL_MSG_EX(m, ...)
 #endif
From 551acd2b198f85b99037a47576c0d808dcc7d4fa Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Fri, 12 Aug 2022 16:27:17 +0200
Subject: [PATCH 2/2] Translate verify callback error with compat layer
---
 src/internal.c | 4 ++++
 src/x509_str.c | 2 +-
 wolfssl/internal.h | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 16506ead2..5b182425b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -11992,7 +11992,11 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
 }
 }
+#ifndef OPENSSL_COMPATIBLE_DEFAULTS
 store->error = ret;
+#else
+ store->error = GetX509Error(ret);
+#endif
 store->error_depth = args->certIdx;
 store->discardSessionCerts = 0;
 store->domain = domain;
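Review bot: In src/x509_str.c the `default:` branch of GetX509Error still ends in `return e;`, so a code without a mapping leaves the function as the wolfSSL-internal value rather than an `X509_V_ERR_*` one, and the added log line is the only trace of that. Logging is a debug aid that can be switched off, so the pass-through should be stated in the code itself, for example `/* no X509_V_ERR_* mapping: the internal code is returned unchanged */` above `return e;`. The function starts outside the hunk.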
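Review bot: In wolfssl/wolfcrypt/logging.h `HAVE_WOLFSSL_MSG_EX` is added without a comment, although `WOLFSSL_MSG_EX` is defined in both branches of this conditional and only the first one produces output. A call site that does not test the new macro compiles everywhere and silently drops its message in the `#else` case, which matters when the message is the only record of a failed check. I would put `/* defined only when WOLFSSL_MSG_EX is a real function; otherwise it expands to nothing */` next to the define.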
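Review bot: In src/internal.c `store->error = GetX509Error(ret);` translates every `ret` that reaches this line, and nothing in the hunk excludes `ret == 0`; unless the part of the switch that is not shown handles 0, a successful verification falls into the `default:` branch and logs "Error not configured or implemented yet". A guard such as `store->error = (ret != 0) ? GetX509Error(ret) : 0;` avoids that. Because unmapped codes pass through unchanged, a verify callback can still receive internal values next to `X509_V_ERR_*` ones, and a callback that decides which failures to accept should find that documented at this assignment. DoVerifyCallback starts and ends outside the hunk.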
diff --git a/src/x509_str.c b/src/x509_str.c
index 5cd9af652..4962c798d 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -161,7 +161,7 @@ void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STAC
 /* Returns corresponding X509 error from internal ASN error */
-static int GetX509Error(int e)
+int GetX509Error(int e)
 {
 switch (e) {
 case ASN_BEFORE_DATE_E:
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 43c24583e..ca7c64789 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -5605,6 +5605,9 @@ WOLFSSL_LOCAL int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void
 WOLFSSL_LOCAL int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
 const WOLFSSL_ASN1_STRING* asn_in);
 #endif
+#ifdef OPENSSL_EXTRA
+WOLFSSL_LOCAL int GetX509Error(int e);
+#endif
 #endif
 #if defined(HAVE_EX_DATA) && \
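Review bot: Dropping `static` in src/x509_str.c puts the unprefixed name `GetX509Error` into the library's link namespace, while the neighbouring prototypes in wolfssl/internal.h carry a `wolfSSL_` prefix. `WOLFSSL_LOCAL` on the prototype presumably limits export from a shared object, but it cannot prevent a clash when the library is linked statically into an application that defines the same name. A prefixed name would keep the helper in line with the declarations around it. The function body continues outside the hunk.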
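Review bot: The prototype in wolfssl/internal.h is visible only under `OPENSSL_EXTRA` (and inside an outer conditional that closes at the `#endif` right after it), whereas the new call in src/internal.c is compiled under `OPENSSL_COMPATIBLE_DEFAULTS`. If a configuration can define the second macro without the first, which cannot be checked from this patch, the call has no prototype in scope and, depending on how x509_str.c is guarded, possibly no definition either. Tying the call to the same condition, `#if defined(OPENSSL_COMPATIBLE_DEFAULTS) && defined(OPENSSL_EXTRA)`, or adding a `#error` for the unsupported combination would make the dependency explicit.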