From d2537a883f44483b6cce7d30d5b08041afdd489a Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Fri, 26 Sep 2025 11:13:19 -0700
Subject: [PATCH] Always add failed certs back to cert store.

---
 src/x509_str.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/x509_str.c b/src/x509_str.c
index 1f0bafafd..f10281397 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -626,13 +626,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
     }
 
 exit:
-    /* Copy back failed certs if verification failed. */
-    if (ret != WOLFSSL_SUCCESS) {
-        numFailedCerts = wolfSSL_sk_X509_num(failedCerts);
-        for (i = 0; i < numFailedCerts; i++)
-        {
-            wolfSSL_sk_X509_push(certs, wolfSSL_sk_X509_pop(failedCerts));
-        }
+    /* Copy back failed certs. */
+    numFailedCerts = wolfSSL_sk_X509_num(failedCerts);
+    for (i = 0; i < numFailedCerts; i++)
+    {
+        wolfSSL_sk_X509_push(certs, wolfSSL_sk_X509_pop(failedCerts));
     }
     wolfSSL_sk_X509_pop_free(failedCerts, NULL);