diff --git a/configure.ac b/configure.ac
index 06217b0b0..5ad6ab5ad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2188,7 +2188,7 @@ AC_ARG_ENABLE([keygen],
     [ ENABLED_KEYGEN=no ] )
-if test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_OPENRESTY" = "yes"
+if test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_NGINX" = "yes"
 then
     ENABLED_KEYGEN=yes
 fi
diff --git a/src/internal.c b/src/internal.c
index 12dca312b..24116ed1b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5950,7 +5950,11 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif
     ssl->timeout = ctx->timeout;
     ssl->verifyCallback = ctx->verifyCallback;
-    ssl->options.side = ctx->method->side;
+    /* If we are setting the ctx on an already initialized SSL object
+     * then we possibly already have a side defined. Don't overwrite unless
+     * the context has a well defined role. */
+    if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END)
+        ssl->options.side = ctx->method->side;
     ssl->options.downgrade = ctx->method->downgrade;
     ssl->options.minDowngrade = ctx->minDowngrade;
diff --git a/src/ssl.c b/src/ssl.c
index 248c38dd6..60098865f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -23525,7 +23525,7 @@ WOLFSSL_ABI WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
 {
     WOLFSSL_ENTER("wolfSSL_X509_get_subject_name");
-    if (cert)
+    if (cert && cert->subject.sz > 0)
         return &cert->subject;
     return NULL;
 }
@@ -23601,7 +23601,7 @@ WOLFSSL_ABI WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
 {
     WOLFSSL_ENTER("X509_get_issuer_name");
-    if (cert && cert->issuer.sz != 0)
+    if (cert && cert->issuer.sz > 0)
         return &cert->issuer;
     return NULL;
 }
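Review bot: `newSSL` in the new guard `if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END)` is neither a parameter of SetSSL_CTX (the hunk header shows `ssl, ctx, writeDup`) nor declared in the hunk, so it is presumably a local assigned earlier in the function; a one-line comment at that assignment saying what "new" means here (fresh object versus a ctx being re-bound) would let this guard be read on its own. Note also that `ssl->options.downgrade` and `ssl->options.minDowngrade` on the following lines are still copied unconditionally, so an already-initialised SSL that keeps its own side still has its downgrade settings replaced from the new ctx; if that is intended, the comment above the guard could say so. SetSSL_CTX's body starts and ends outside the hunk.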
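Review bot: wolfSSL_X509_get_subject_name now returns NULL for a non-NULL cert whose subject has `sz == 0`, which is a contract change for callers: OpenSSL's X509_get_subject_name does not return NULL for a valid X509, so code ported from OpenSSL commonly passes the result straight to X509_NAME_oneline or X509_NAME_print_ex without a NULL check and would now dereference NULL on such a certificate. Document the new contract on the public prototype, e.g. `/* Returns NULL if cert is NULL or its subject name is empty (sz == 0). */`, and add the same note for wolfSSL_X509_get_issuer_name in the next hunk, which this commit aligns to `sz > 0`. I cannot see the type of `sz` from here; if it is unsigned, the issuer hunk's `!= 0` to `> 0` change is cosmetic, and if it is signed it additionally rejects negative values. The `WOLFSSL_ENTER` label in the issuer function (`"X509_get_issuer_name"`) also lacks the `wolfSSL_` prefix used by its sibling.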
@@ -57917,6 +57917,43 @@ static const conf_cmd_tbl conf_cmds_tbl[] = {
 static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl)
                                        / sizeof(conf_cmd_tbl);
+static const conf_cmd_tbl* wolfssl_conf_find_cmd(WOLFSSL_CONF_CTX* cctx,
+                                                 const char* cmd)
+{
+    size_t i = 0;
+    size_t cmdlen = 0;
+
+    if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
+        cmdlen = XSTRLEN(cmd);
+
+        if (cmdlen < 2) {
+            WOLFSSL_MSG("bad cmdline command");
+            return NULL;
+        }
+        /* skip "-" prefix */
+        ++cmd;
+    }
+
+    for (i = 0; i < size_of_cmd_tbls; i++) {
+        /* check if the cmd is valid */
+        if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
+            if (conf_cmds_tbl[i].cmdline_cmd != NULL &&
+                XSTRCMP(cmd, conf_cmds_tbl[i].cmdline_cmd) == 0) {
+                return &conf_cmds_tbl[i];
+            }
+        }
+
+        if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) {
+            if (conf_cmds_tbl[i].file_cmd != NULL &&
+                XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) {
+                return &conf_cmds_tbl[i];
+            }
+        }
+    }
+
+    return NULL;
+}
+
 /**
  * send configuration command
  * @param cctx a pointer to WOLFSSL_CONF_CTX structure
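Review bot: The cmdline branch strips the first character of `cmd` with `++cmd` after checking only `cmdlen < 2`, so the prefix is never verified to be `-` and any leading character is skipped; `if (cmdlen < 2 || cmd[0] != '-') {` would make the `/* skip "-" prefix */` comment true (the loop this helper replaces in wolfSSL_CONF_cmd had the same gap, but the helper is the place to close it). Because the stripped pointer is then also compared against `file_cmd` when both the CMDLINE and FILE flags are set, a file-style command loses its first character in that combination; if that is intended, say so in a comment. The helper dereferences `cctx` and calls XSTRLEN on `cmd` with no NULL check, which is fine for wolfSSL_CONF_cmd (it checks first) but not for the new public caller added later in this diff. A short header comment would also help, e.g. `/* Look up cmd in conf_cmds_tbl by cmdline_cmd and/or file_cmd per cctx->flags; cctx and cmd must be non-NULL. Returns NULL if not found. */`.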
@@ -57931,65 +57968,25 @@ static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl)
 int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
 {
     int ret = WOLFSSL_FAILURE;
-    size_t i = 0;
-    size_t cmdlen = 0;
-    const char* c = NULL;
+    const conf_cmd_tbl* confcmd = NULL;
     WOLFSSL_ENTER("wolfSSL_CONF_cmd");
-    (void)cctx;
-    (void)cmd;
-    (void)value;
-    /* sanity check */
     if (cctx == NULL || cmd == NULL) {
         WOLFSSL_MSG("bad arguments");
         return ret;
     }
-    if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
-        cmdlen = XSTRLEN(cmd);
+    confcmd = wolfssl_conf_find_cmd(cctx, cmd);
+    if (confcmd == NULL)
+        return -2;
-        if (cmdlen < 2) {
-            WOLFSSL_MSG("bad cmdline command");
-            return -2;
-        }
-        /* skip "-" prefix */
-        c = ++cmd;
+    if (confcmd->cmdfunc == NULL) {
+        WOLFSSL_MSG("cmd not yet implemented");
+        return -2;
     }
-    for (i = 0; i < size_of_cmd_tbls; i++) {
-        /* check if the cmd is valid */
-        if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
-            if (c != NULL && conf_cmds_tbl[i].cmdline_cmd != NULL &&
-                XSTRCMP(c, conf_cmds_tbl[i].cmdline_cmd) == 0) {
-                if (conf_cmds_tbl[i].cmdfunc != NULL) {
-                    ret = conf_cmds_tbl[i].cmdfunc(cctx, value);
-                    break;
-                } else {
-                    WOLFSSL_MSG("cmd not yet implemented");
-                    return -2;
-                }
-            }
-        }
-
-        if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) {
-            if (conf_cmds_tbl[i].file_cmd != NULL &&
-                XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) {
-                if (conf_cmds_tbl[i].cmdfunc != NULL) {
-                    ret = conf_cmds_tbl[i].cmdfunc(cctx, value);
-                    break;
-                } else {
-                    WOLFSSL_MSG("cmd not yet implemented");
-                    return -2;
-                }
-            }
-        }
-    }
-
-    if (i == size_of_cmd_tbls) {
-        WOLFSSL_MSG("invalid command");
-        ret = -2;
-    }
+    ret = confcmd->cmdfunc(cctx, value);
     /* return code compliant with OpenSSL */
     if (ret < -3)
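Review bot: The early `return -2;` after `wolfssl_conf_find_cmd` drops the `WOLFSSL_MSG("invalid command")` diagnostic the removed loop emitted for an unknown command, so an operator debugging a rejected configuration line now gets no log from this path (only the "bad cmdline command" case still logs, inside the helper). Add `WOLFSSL_MSG("invalid command");` before that return, and brace the two-line `if` like the `cmdfunc == NULL` block just below it for consistency. wolfSSL_CONF_cmd's body continues past the end of the hunk.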
@@ -57999,6 +57996,24 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
     return ret;
 }
+/**
+ *
+ * @param cctx a pointer to WOLFSSL_CONF_CTX structure
+ * @param cmd configuration command
+ * @return The SSL_CONF_TYPE_* type or SSL_CONF_TYPE_UNKNOWN if an
+ *         unvalid command
+ */
+int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
+{
+    const conf_cmd_tbl* confcmd = NULL;
+    WOLFSSL_ENTER("wolfSSL_CONF_cmd_value_type");
+
+    confcmd = wolfssl_conf_find_cmd(cctx, cmd);
+    if (confcmd == NULL)
+        return SSL_CONF_TYPE_UNKNOWN;
+    return (int)confcmd->data_type;
+}
+
 #endif /* OPENSSL_EXTRA */
diff --git a/tests/api.c b/tests/api.c
index 40576a8b1..b91240b18 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -32775,7 +32775,7 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
     cmp = X509_NAME_cmp(caName, issuerName);
     AssertIntEQ(cmp, 0);
 #else
-    AssertNotNull(issuerName);
+    AssertNull(issuerName);
 #endif
     X509_free(issuer);
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index 38ef42ef9..f0e629ac2 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -34,7 +34,7 @@
     defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
     defined(WOLFSSL_RSYSLOG)
     /* For Apache httpd, Use 1.1.0 compatibility */
-    #define OPENSSL_VERSION_NUMBER 0x10100000L
+    #define OPENSSL_VERSION_NUMBER 0x10100003L
 #elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)
     /* For Qt and Python 3.8.5 compatibility */
     #define OPENSSL_VERSION_NUMBER 0x10101000L
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 2b80b94e0..47d585ec6 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
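Review bot: wolfSSL_CONF_cmd_value_type hands `cctx` and `cmd` straight to wolfssl_conf_find_cmd, which reads `cctx->flags` and calls XSTRLEN(cmd), so unlike wolfSSL_CONF_cmd just above it has no sanity check and a NULL argument is a crash instead of an error; add `if (cctx == NULL || cmd == NULL) return SSL_CONF_TYPE_UNKNOWN;` before the lookup. The function returns the compat-layer name `SSL_CONF_TYPE_UNKNOWN` from src/ssl.c while wolfssl/ssl.h in this same diff defines `WOLFSSL_CONF_TYPE_UNKNOWN`; using the native name removes the dependence on the openssl compat header being included here. The doc comment has an empty first line and a typo: give it a summary such as `* Get the value type expected by a configuration command` and change `unvalid` to `invalid`.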
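Review bot: The assertion flips from `AssertNotNull(issuerName)` to `AssertNull(issuerName)` with no explanation, and the `#if` that selects this `#else` branch is outside the hunk, so a reader cannot tell which build configuration is expected to produce a NULL issuer name; presumably it follows from the `sz > 0` check added to wolfSSL_X509_get_issuer_name in src/ssl.c. A one-line comment above the assertion, e.g. `/* issuer name is empty in this configuration, so the getter returns NULL */`, adjusted to the actual condition, would make the expectation self-explanatory.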
@@ -1264,13 +1264,16 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLS_MAX_VERSION DTLS1_2_VERSION
 /* apache and lighty use SSL_CONF_FLAG_FILE to enable conf support */
-#if !defined(WOLFSSL_APACHE_HTTPD) && !defined(HAVE_LIGHTY)
 #define SSL_CONF_FLAG_CMDLINE WOLFSSL_CONF_FLAG_CMDLINE
 #define SSL_CONF_FLAG_FILE WOLFSSL_CONF_FLAG_FILE
 #define SSL_CONF_FLAG_CERTIFICATE WOLFSSL_CONF_FLAG_CERTIFICATE
+#define SSL_CONF_FLAG_SERVER WOLFSSL_CONF_FLAG_SERVER
+#define SSL_CONF_FLAG_CLIENT WOLFSSL_CONF_FLAG_CLIENT
+#define SSL_CONF_FLAG_SHOW_ERRORS WOLFSSL_CONF_FLAG_SHOW_ERRORS
+#define SSL_CONF_TYPE_UNKNOWN WOLFSSL_CONF_TYPE_UNKNOWN
 #define SSL_CONF_TYPE_STRING WOLFSSL_CONF_TYPE_STRING
 #define SSL_CONF_TYPE_FILE WOLFSSL_CONF_TYPE_FILE
-#endif
+#define SSL_CONF_TYPE_DIR WOLFSSL_CONF_TYPE_DIR
 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \
     || defined(OPENSSL_ALL)
@@ -1597,6 +1600,7 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
 #define SSL_CONF_CTX_set_flags wolfSSL_CONF_CTX_set_flags
 #define SSL_CONF_CTX_finish wolfSSL_CONF_CTX_finish
 #define SSL_CONF_cmd wolfSSL_CONF_cmd
+#define SSL_CONF_cmd_value_type wolfSSL_CONF_cmd_value_type
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index fb4ad0612..9fa65e59d 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
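Review bot: The comment `/* apache and lighty use SSL_CONF_FLAG_FILE to enable conf support */` described the `#if !defined(WOLFSSL_APACHE_HTTPD) && !defined(HAVE_LIGHTY)` guard this hunk removes, so it is now stale; either delete it or reword it to say the SSL_CONF_* names are always mapped onto the WOLFSSL_CONF_* ones. With the guard gone the macros are also defined for those two consumers; if they were excluded because those builds provide some of these names themselves, that would now show up as redefinition warnings, which I cannot check from here but a build in those configurations can. The `SSL_CONF_cmd_value_type` alias in the second hunk is a plain name mapping and needs nothing further.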
@@ -4802,12 +4802,18 @@ WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx);
 #define WOLFSSL_CONF_FLAG_CMDLINE 0x1
 #define WOLFSSL_CONF_FLAG_FILE 0x2
+#define WOLFSSL_CONF_FLAG_CLIENT 0x4
+#define WOLFSSL_CONF_FLAG_SERVER 0x8
+#define WOLFSSL_CONF_FLAG_SHOW_ERRORS 0x10
 #define WOLFSSL_CONF_FLAG_CERTIFICATE 0x20
+#define WOLFSSL_CONF_TYPE_UNKNOWN 0x0
 #define WOLFSSL_CONF_TYPE_STRING 0x1
 #define WOLFSSL_CONF_TYPE_FILE 0x2
+#define WOLFSSL_CONF_TYPE_DIR 0x3
 WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value);
+WOLFSSL_API int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd);
 #endif /* OPENSSL_EXTRA */
 #if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
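Review bot: The new prototype `wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)` binds the `*` to the name while the neighbouring `wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, ...)` binds it to the type; match the surrounding `T* name` style. The added CLIENT/SERVER/SHOW_ERRORS bits line up with OpenSSL's SSL_CONF_FLAG_* values, but nothing in this diff's lookup code (`wolfssl_conf_find_cmd`) inspects them, so a comment such as `/* CLIENT/SERVER/SHOW_ERRORS are accepted for OpenSSL API compatibility */` above them would tell readers not to expect behaviour from setting them unless other code in the file acts on them. The WOLFSSL_CONF_TYPE_* group would likewise benefit from a one-line comment stating they are the values returned by wolfSSL_CONF_cmd_value_type, with UNKNOWN meaning the command was not found.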