From 53c0003cad29cb2f4f805f5c0d331f8bdba569fa Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 14 Aug 2018 16:52:47 -0600
Subject: [PATCH] Fix to resolve issue with verify callback not causing an error (if one not already present) when returning 0. Test case to follow shortly.
---
 src/internal.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index e62a43221..3fca064bd 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8602,6 +8602,12 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
 WOLFSSL_MSG("Verify callback overriding error!");
 ret = 0;
 }
+ else {
+ /* induce error if one not present */
+ if (ret == 0) {
+ ret = VERIFY_CERT_ERROR;
+ }
+ }
 #ifdef OPENSSL_EXTRA
 if (args->certIdx > 0)
 FreeX509(x509);
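Review bot: The added `else` branch is where a verify callback's rejection of an otherwise clean chain becomes a handshake failure, but its comment does not state that contract and, unlike the override branch directly above it, it logs nothing. Inside `if (ret == 0)` I would replace the comment with `/* callback returned 0: reject the peer cert even though internal verification passed */` and add `WOLFSSL_MSG("Verify callback rejected certificate");` so a failed handshake can be traced to the application callback. The commit message defers the test case; because this path decides whether application-level checks in the callback are enforced at all, a regression test in which the callback returns 0 for a chain that verifies cleanly should land together with the fix. The body of DoVerifyCallback and the condition that invokes the callback lie outside the hunk, so whether this branch is reachable when `ret` is already 0 in every build configuration cannot be confirmed from here.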