diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ed50be1819cac2857d4c5b51d898b34ce094269a..82f715bfd0c1fd1d998266bb9a5672d6a331d9a4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3909,6 +3909,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 
 	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
 		*(STACK_OF(X509) **)parg =  ctx->extra_certs;
+		if (parg == NULL && larg == 0)
+			*(STACK_OF(X509) **)parg =  ctx->cert->key->chain;
 		break;
 
 	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
diff --git a/ssl/ssl.h b/ssl/ssl.h
index ee5e99694a32ab7c6e17fedbf53c2877cf8c3835..296c1660b18a40fcddc02a512a459755c5dcf0d0 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1985,6 +1985,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 #define SSL_CTX_get_extra_chain_certs(ctx,px509) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+#define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
 #define SSL_CTX_clear_extra_chain_certs(ctx) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)