diff --git a/src/ssl.c b/src/ssl.c
index 5107bddd9..b0d6eaaff 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5684,6 +5684,27 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
 #ifdef OPENSSL_EXTRA
 /* put SSL type in extra for now, not very common */
 
+long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
+{
+    WOLFSSL_STUB("wolfSSL_ctrl");
+    (void)ssl;
+    (void)cmd;
+    (void)opt;
+    (void)pt;
+    return SSL_FAILURE;
+}
+
+
+long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
+{
+    WOLFSSL_STUB("wolfSSL_CTX_ctrl");
+    (void)ctx;
+    (void)cmd;
+    (void)opt;
+    (void)pt;
+    return SSL_FAILURE;
+}
+
 #ifndef NO_CERTS
 int wolfSSL_check_private_key(const WOLFSSL* ssl)
 {
diff --git a/tests/api.c b/tests/api.c
index 6036d6e54..86db69b24 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -2268,8 +2268,10 @@ static void test_wolfSSL_certs(void)
     AssertNotNull(x509);
     AssertIntEQ(SSL_use_certificate(ssl, x509), SSL_SUCCESS);
 
+    #ifndef HAVE_USER_RSA
     /* with loading in a new cert the check on private key should now fail */
     AssertIntNE(wolfSSL_check_private_key(ssl), SSL_SUCCESS);
+    #endif
 
 
     #if defined(USE_CERT_BUFFERS_2048)
@@ -2294,6 +2296,20 @@ static void test_wolfSSL_certs(void)
     #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
 }
 
+static void test_wolfSSL_ctrl(void)
+{
+    #if defined(OPENSSL_EXTRA)
+    printf(testingFmt, "wolfSSL_crtl()");
+
+    /* needs tested after stubs filled out @TODO
+        SSL_ctrl
+        SSL_CTX_ctrl
+    */
+
+    printf(resultFmt, passed);
+    #endif /* defined(OPENSSL_EXTRA) */
+}
+
 /*----------------------------------------------------------------------------*
  | Main
  *----------------------------------------------------------------------------*/
@@ -2341,6 +2357,7 @@ void ApiTest(void)
     /* compatibility tests */
     test_wolfSSL_DES();
     test_wolfSSL_certs();
+    test_wolfSSL_ctrl();
 
     AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS);
     printf(" End API Tests\n");
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index a47d00ec0..1776e4f53 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -574,6 +574,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
 
+#define SSL_ctrl     wolfSSL_ctrl
+#define SSL_CTX_ctrl wolfSSL_CTX_ctrl
+
 #ifdef HAVE_STUNNEL
 #include <wolfssl/openssl/asn1.h>
 
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 42ba737a0..b90718a12 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1892,6 +1892,8 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
 #endif /* WOLFSSL_MYSQL_COMPATIBLE */
 
 #ifdef OPENSSL_EXTRA
+WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
+WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt);
 
 #ifndef NO_CERTS
 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);