From 0e5de0c076eb567f6c050ee788e54ef8b93ef9bf Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 17 Sep 2019 07:56:02 -0700
Subject: [PATCH] Fix to only AddCA when its CA type and veryNone is not set.

---
 src/internal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index f668933a1..af4c41739 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10053,7 +10053,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     ret = DoVerifyCallback(ssl, ret, args);
 
                     /* If valid CA then add to Certificate Manager */
-                    if (ret == 0) {
+                    if (ret == 0 && args->dCert->isCA && !ssl->options.verifyNone) {
                         buffer* cert = &args->certs[args->certIdx];
 
                         /* Is valid CA */