diff --git a/cyassl/internal.h b/cyassl/internal.h
index 9d2555558..30c5588dc 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1616,6 +1616,7 @@ struct CYASSL {
 Arrays* arrays;
 CYASSL_SESSION session;
 VerifyCallback verifyCallback; /* cert verification callback */
+ void* verifyCbCtx; /* cert verify callback user ctx*/
 #ifndef NO_RSA
 RsaKey* peerRsaKey;
 byte peerRsaKeyPresent;
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index bea865344..1812dfaf1 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -138,6 +138,7 @@ typedef struct CYASSL_X509_STORE_CTX {
 CYASSL_X509* current_cert; /* stunnel dereference */
 char* domain; /* subject CN domain name */
 void* ex_data; /* external data, for fortress build */
+ void* userCtx; /* user ctx */
 int error; /* current error */
 int error_depth; /* cert depth for this error */
 int discardSessionCerts; /* so verify callback can flag for discard */
@@ -224,6 +225,7 @@ typedef int (*pem_password_cb)(char*, int, int, void*);
 CYASSL_API void CyaSSL_CTX_set_verify(CYASSL_CTX*, int, VerifyCallback verify_callback);
 CYASSL_API void CyaSSL_set_verify(CYASSL*, int, VerifyCallback verify_callback);
+CYASSL_API void CyaSSL_SetCertCbCtx(CYASSL*, void*);
 
 CYASSL_API int CyaSSL_pending(CYASSL*);
 
diff --git a/src/internal.c b/src/internal.c
index c087db328..197699ea1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1281,6 +1281,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
 ssl->peerRsaKeyPresent = 0;
 #endif
 ssl->verifyCallback = ctx->verifyCallback;
+ ssl->verifyCbCtx = NULL;
 ssl->options.side = ctx->method->side;
 ssl->options.downgrade = ctx->method->downgrade;
 ssl->error = 0;
@@ -3109,6 +3110,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 store.error_depth = totalCerts;
 store.discardSessionCerts = 0;
 store.domain = domain;
+ store.userCtx = ssl->verifyCbCtx;
 #ifdef KEEP_PEER_CERT
 store.current_cert = &ssl->peerCert;
 #else
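Review bot: The new `userCtx` member is inserted in the middle of the public `CYASSL_X509_STORE_CTX` typedef, between `ex_data` and `error`, which shifts the offsets of `error`, `error_depth` and `discardSessionCerts` for any verify callback compiled against the previous header. Since this struct is handed to application code through `VerifyCallback`, appending the field after `discardSessionCerts` (or at the very end of the struct) would keep existing field offsets stable and avoid silent layout skew in mixed-version builds. The comment `/* user ctx */` also says nothing a reader needs; I would write `/* application pointer set via CyaSSL_SetCertCbCtx, passed through to the verify callback */`. The struct definition begins and ends outside this hunk.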
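Review bot: In InitSSL the callback is inherited from the context (`ssl->verifyCallback = ctx->verifyCallback`) but the new `verifyCbCtx` is unconditionally reset to NULL, and this patch adds no CTX-level setter, so an application that installs its verify callback with `CyaSSL_CTX_set_verify` gets a NULL `store.userCtx` unless it also calls `CyaSSL_SetCertCbCtx` on every SSL object it creates. That asymmetry is easy to miss and a callback that dereferences `userCtx` without checking it will crash on the first handshake. Either document it next to the assignment, `/* user ctx is per-SSL only; there is no CTX-level default, so CyaSSL_SetCertCbCtx must be called on each object */`, or consider a matching `CyaSSL_CTX_SetCertCbCtx` whose value is copied here like the callback is. InitSSL's body continues outside the hunk.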
@@ -3146,6 +3148,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 store.error_depth = totalCerts;
 store.discardSessionCerts = 0;
 store.domain = domain;
+ store.userCtx = ssl->verifyCbCtx;
 store.current_cert = &ssl->peerCert;
 store.ex_data = ssl;
 
diff --git a/src/ssl.c b/src/ssl.c
index 311141a2a..c880e9386 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2460,6 +2460,15 @@ void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
 }
 
 
+/* store user ctx for verify callback */
+void CyaSSL_SetCertCbCtx(CYASSL* ssl, void* ctx)
+{
+ CYASSL_ENTER("CyaSSL_SetCertCbCtx");
+ if (ssl)
+ ssl->verifyCbCtx = ctx;
+}
+
+
 /* store context CA Cache addition callback */
 void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
 {
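Review bot: `CyaSSL_SetCertCbCtx` stores the raw pointer without copying it and the only consumer visible here is DoCertificate, which hands it to the verify callback as `store.userCtx` during the handshake, so the caller is responsible for keeping the object alive until the SSL object is freed or the pointer is replaced; nothing in the patch says so. Freeing the context early turns the verify callback into a use-after-free on the certificate path, which is the one path an attacker can trigger remotely, so the contract belongs on the API. I would replace the one-line comment with a header comment stating that the pointer is retained, not copied, must outlive the CYASSL object (or the next call to this function), defaults to NULL after CyaSSL_new, and is passed to the callback unchanged. It is also worth noting that a NULL `ssl` is silently ignored, since the void return gives the caller no way to detect that misuse.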