diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index e97304ae8..6042f6d1a 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -2614,6 +2614,35 @@ WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callbac
 */
 WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
+/*!
+ \ingroup CertsKeys
+
+ \brief This function stores user CTX object information for verify callback.
+
+ \return none No return.
+
+ \param ctx a pointer to a WOLFSSL_CTX structure.
+ \param userCtx a void pointer that is used to set WOLFSSL_CTX structure’s
+ verifyCbCtx member’s value.
+
+ _Example_
+ \code
+ WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method );
+ void* userCtx = NULL; // Assign some user defined context
+ ...
+ if(ctx != NULL){
+ wolfSSL_SetCertCbCtx(ctx, userCtx);
+ } else {
+ // Error case, the SSL is not initialized properly.
+ }
+ \endcode
+
+ \sa wolfSSL_CTX_save_cert_cache
+ \sa wolfSSL_CTX_restore_cert_cache
+ \sa wolfSSL_CTX_set_verify
+*/
+WOLFSSL_API void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX*, void*);
+
 /*!
+ \ingroup IO
diff --git a/src/internal.c b/src/internal.c
index 5b8a6a494..acd25a604 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -11293,7 +11293,19 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
 store->error_depth = args->certIdx;
 store->discardSessionCerts = 0;
 store->domain = domain;
- store->userCtx = (ssl != NULL) ? ssl->verifyCbCtx : cm;
+ if (ssl != NULL) {
+ if (ssl->verifyCbCtx != NULL) {
+ /* Use the WOLFSSL user context if set */
+ store->userCtx = ssl->verifyCbCtx;
+ }
+ else {
+ /* Else use the WOLFSSL_CTX user context */
+ store->userCtx = ssl->ctx->verifyCbCtx;
+ }
+ }
+ else {
+ store->userCtx = cm;
+ }
 store->certs = args->certs;
 store->totalCerts = args->totalCerts;
 #if defined(HAVE_EX_DATA) && \
diff --git a/src/ssl.c b/src/ssl.c
index 712848234..31ed6075e 100644
--- a/src/ssl.c
+++ b/src/ssl.c
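Review bot: The fallback branch in DoVerifyCallback reads `ssl->ctx->verifyCbCtx` without checking `ssl->ctx`, although the same block guards `ssl` itself; if a live WOLFSSL always carries a non-NULL ctx that invariant should be stated in the comment, otherwise change the else to `else if (ssl->ctx != NULL) { store->userCtx = ssl->ctx->verifyCbCtx; }` so a partially initialised session cannot fault inside certificate verification. The new precedence rule also makes NULL the "not set" sentinel for the per-session value, so an application cannot pass NULL to wolfSSL_SetCertCbCtx() to mask a CTX-wide pointer for one session, and the pointer handed to the verify callback may now be shared by every session created from that WOLFSSL_CTX; suggest saying so in the comment, e.g. `/* Per-session ctx wins; NULL means "inherit the WOLFSSL_CTX value" */`. DoVerifyCallback's body starts and ends outside the hunk.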
@@ -12572,6 +12572,15 @@ void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
 }
+/* store user ctx for verify callback */
+void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx)
+{
+ WOLFSSL_ENTER("wolfSSL_CTX_SetCertCbCtx");
+ if (ctx)
+ ctx->verifyCbCtx = userCtx;
+}
+
+
 /* store context CA Cache addition callback */
 void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb)
 {
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 604c6a80c..784a3bc4c 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2905,6 +2905,7 @@ struct WOLFSSL_CTX {
 CallbackSetPeer CBSetPeer;
 #endif
 VerifyCallback verifyCallback; /* cert verification callback */
+ void* verifyCbCtx; /* cert verify callback user ctx*/
 #ifdef OPENSSL_ALL
 CertVerifyCallback verifyCertCb;
 void* verifyCertCbArg;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index f22162552..8607c769c 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1199,6 +1199,7 @@ WOLFSSL_API int wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val);
 #endif
 WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx);
+WOLFSSL_API void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_has_pending(const WOLFSSL* ssl);
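Review bot: The header comment on wolfSSL_CTX_SetCertCbCtx says only `store user ctx for verify callback`, but what the setter actually achieves depends on the lookup order this same commit adds to DoVerifyCallback in src/internal.c, so a reader of ssl.c alone cannot tell which value their callback will receive. Suggest `/* store user ctx for verify callback; applies to every WOLFSSL created from ctx unless wolfSSL_SetCertCbCtx() set a non-NULL per-session value */`. Because a WOLFSSL_CTX is typically shared by many sessions and the assignment here is not synchronised with verify callbacks that may be reading the field, the comment could also state that the value is expected to be set before sessions are created. Separately, the doxygen example added in doc/dox_comments/header_files/ssl.h calls `wolfSSL_SetCertCbCtx(ctx, userCtx)` on a WOLFSSL_CTX*, which is the per-session function with a different parameter type; it should read `wolfSSL_CTX_SetCertCbCtx(ctx, userCtx)`.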
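Review bot: The new `verifyCbCtx` member is only a safe fallback in DoVerifyCallback if every WOLFSSL_CTX starts with it NULL, because that code now hands the field straight to the application's verify callback whenever the per-session value is unset; the hunk does not show where WOLFSSL_CTX is initialised, so please confirm the allocation path zeroes the whole struct or add an explicit `ctx->verifyCbCtx = NULL;` there. The trailing comment also lacks a space before the closing delimiter, unlike the neighbouring `verifyCallback` line: `void* verifyCbCtx; /* cert verify callback user ctx */`. struct WOLFSSL_CTX begins before and continues past the hunk.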