diff --git a/src/Cedar/Proto_PPP.c b/src/Cedar/Proto_PPP.c
index 50503ae3..3c01613b 100644
--- a/src/Cedar/Proto_PPP.c
+++ b/src/Cedar/Proto_PPP.c
@@ -251,7 +251,7 @@ void PPPThread(THREAD *thread, void *param)
 {
 PPPSetStatus(p, PPP_STATUS_FAIL);
 WHERE;
- return false;
+ break;
 }
 break;
 case PPP_EAP_TYPE_IDENTITY:
@@ -265,7 +265,7 @@ void PPPThread(THREAD *thread, void *param)
 {
 PPPSetStatus(p, PPP_STATUS_FAIL);
 WHERE;
- return false;
+ break;
 }
 break;
 }
@@ -407,7 +407,7 @@ void PPPThread(THREAD *thread, void *param)
 }
 else
 {
- WaitForTubes(tubes, 1, 1000); // Increasing timeout to make the ticks a bit slower
+ WaitForTubes(tubes, 1, 300); // Increasing timeout to make the ticks a bit slower
 }
 if (IsTubeConnected(p->TubeRecv) == false || IsTubeConnected(p->TubeSend) == false)
@@ -3053,7 +3053,7 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
 ipc = NewIPC(p->Cedar, p->ClientSoftwareName, p->Postfix, d.HubName, d.UserName, "", &error_code, &p->ClientIP, p->ClientPort, &p->ServerIP, p->ServerPort,
- p->ClientHostname, p->CryptName, false, p->AdjustMss, NULL, NULL,
+ p->ClientHostname, p->CryptName, false, p->AdjustMss, NULL, p->Eap_TlsCtx.clientCert.X,
 IPC_LAYER_3);
 if (ipc != NULL)
@@ -3112,7 +3112,6 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION* p, PPP_EAP* eap_packet, UINT eapTlsSi
 // First we initialize the SslPipe if it is not already inited
 if (p->Eap_TlsCtx.SslPipe == NULL)
 {
- p->Eap_TlsCtx.clientCert.IgnorePreverifyErr = true;
 p->Eap_TlsCtx.Dh = DhNewFromBits(DH_PARAM_BITS_DEFAULT);
 p->Eap_TlsCtx.SslPipe = NewSslPipeEx(true, p->Cedar->ServerX, p->Cedar->ServerK, p->Eap_TlsCtx.Dh, true, &(p->Eap_TlsCtx.clientCert));
 }
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
index 1c24dc30..22991125 100644
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
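Review bot: The `break;` that replaces `return false;` only leaves the enclosing `switch`, so after `PPPSetStatus(p, PPP_STATUS_FAIL)` execution continues with whatever follows that switch in the same loop iteration, and nothing in this hunk shows that code re-checking the status before it keeps processing the packet. PPPThread's body starts and ends outside the hunk, so please confirm the post-switch code honours PPP_STATUS_FAIL (a loop-condition check or an explicit status guard), or add one. The same applies to the identical replacement in the hunk at -265. If relying on the status is the intent, a comment such as `break; // leave the switch; the FAIL status set above ends the session on the next status check` would make that visible at the site.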
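Review bot: The comment kept on the new `WaitForTubes` line still reads "Increasing timeout" while the value goes from 1000 to 300 ms, so it now documents the opposite of what the code does. Replace the change-history remark with the contract, e.g. `WaitForTubes(tubes, 1, 300); // Poll interval (ms) of the PPP tick loop`, where "tick" is taken from the existing comment; the condition selecting this `else` branch is outside the hunk. A named constant for the interval (a `#define` alongside the other PPP constants, name of your choosing) would stop the value from drifting silently between call sites.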
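Review bot: The certificate now handed to NewIPC is whatever the TLS verify callback stored in `p->Eap_TlsCtx.clientCert.X`, and this hunk does not show `p->Eap_TlsCtx.clientCert.PreverifyErr` being checked before the call; since the same commit stops ignoring preverify errors for this SslPipe, the callback's verdict now matters for authentication, not just for diagnostics. If the check does not already happen earlier in PPPProcessEAPTlsResponse (its body starts before this hunk), a guard such as `if (p->Eap_TlsCtx.clientCert.PreverifyErr != 0) { PPPSetStatus(p, PPP_STATUS_FAIL); return false; }` ahead of the NewIPC call, or a comment naming where the check lives, would make the contract visible. Whether NewIPC copies the X or keeps the pointer is also not visible here, so the lifetime of `clientCert.X` relative to the IPC deserves a comment at this call.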
@@ -5689,7 +5689,7 @@ int SslCertVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx)
 {
 clientcert->PreverifyErr = X509_STORE_CTX_get_error(ctx);
 clientcert->PreverifyErrMessage[0] = '\0';
- if (!preverify_ok && !clientcert->IgnorePreverifyErr)
+ if (!preverify_ok)
 {
 const char *msg = X509_verify_cert_error_string(clientcert->PreverifyErr);
 StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, (char *)msg);
@@ -11785,7 +11785,15 @@ bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x)
 if (x_copy != NULL)
 {
- SSL_CTX_add_extra_chain_cert(ctx, x_copy->x509);
+ if (x_copy->root_cert)
+ {
+ X509_STORE* store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_add_cert(store, x->x509);
+ }
+ else
+ {
+ SSL_CTX_add_extra_chain_cert(ctx, x_copy->x509);
+ }
 x_copy->do_not_free = true;
 ret = true;
diff --git a/src/Mayaqua/Network.h b/src/Mayaqua/Network.h
index 0b8f68a5..2019da20 100644
--- a/src/Mayaqua/Network.h
+++ b/src/Mayaqua/Network.h
@@ -1403,7 +1403,6 @@ void UnixWaitForTubes(TUBE **tubes, UINT num, UINT timeout);
 #define PREVERIFY_ERR_MESSAGE_SIZE 100
 // Info on client certificate collected during TLS handshake
 struct SslClientCertInfo {
- bool IgnorePreverifyErr;
 int PreverifyErr;
 char PreverifyErrMessage[PREVERIFY_ERR_MESSAGE_SIZE];
 X *X;
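Review bot: What SslCertVerifyCallback returns after recording the error is outside this hunk (the function continues past its last line); if it still returns 1, as the removed IgnorePreverifyErr path suggests was the way unverifiable client certificates were tolerated, OpenSSL completes the handshake regardless and `clientcert->PreverifyErr` becomes the only signal that chain verification failed. Every consumer of SslClientCertInfo, including the EAP-TLS path this commit wires up in Proto_PPP.c, must then check that field before trusting `clientcert->X`, and nothing here says so. A comment at the top of the `if (!preverify_ok)` block stating the contract, e.g. `// Verification failure is recorded, not enforced here; callers must check PreverifyErr before using X`, would prevent the next caller from assuming a populated X is a verified certificate (adjust the wording if the callback does reject).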
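Review bot: The new `root_cert` branch adds `x->x509` to the store while the `else` branch uses `x_copy->x509`, and `x_copy->do_not_free = true;` plus `ret = true;` run unconditionally for both paths; because X509_STORE_add_cert takes its own reference whereas SSL_CTX_add_extra_chain_cert takes ownership of the X509, the clone is left unused and never released on the root path, and a failure of either OpenSSL call (both return 0 on error) is reported as success. A `root_cert` added here becomes a trust anchor for every peer certificate the ctx verifies, so a root that silently failed to load surfaces later as preverify failures that, after this commit, are no longer ignored. Use the clone in both branches, set `do_not_free` only where the ctx actually takes ownership, and derive `ret` from the return values; the function's tail, where `ret` is returned and the clone is presumably released, lies outside the hunk.
```c
		if (x_copy->root_cert)
		{
			// A root_cert is a trust anchor for every peer chain this ctx verifies.
			// X509_STORE_add_cert takes its own reference, so the clone stays ours to free.
			X509_STORE *store = SSL_CTX_get_cert_store(ctx);
			ret = (store != NULL && X509_STORE_add_cert(store, x_copy->x509) == 1);
		}
		else
		{
			// SSL_CTX_add_extra_chain_cert takes ownership of the X509 on success.
			ret = (SSL_CTX_add_extra_chain_cert(ctx, x_copy->x509) == 1);
			x_copy->do_not_free = ret;
		}
		// … unchanged: remainder of the function …
```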