diff --git a/lib/tls/mbedtls/mbedtls-client.c b/lib/tls/mbedtls/mbedtls-client.c
index 24e501b8..2fbe8a62 100644
--- a/lib/tls/mbedtls/mbedtls-client.c
+++ b/lib/tls/mbedtls/mbedtls-client.c
@@ -172,8 +172,10 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
 		return 1;
 	}
 
-	// SSL_CTX_add_client_CA(vh->ssl_client_ctx, vh->x509_client_CA);
-	SSL_CTX_add_client_CA(vh->ssl_ctx, vh->x509_client_CA);
+	if (!vh->ssl_ctx)
+		SSL_CTX_add_client_CA(vh->ssl_client_ctx, vh->x509_client_CA);
+	else
+		SSL_CTX_add_client_CA(vh->ssl_ctx, vh->x509_client_CA);
 
 	lwsl_notice("client loaded CA for verification %s\n", ca_filepath);
 
diff --git a/lib/tls/mbedtls/wrapper/library/ssl_x509.c b/lib/tls/mbedtls/wrapper/library/ssl_x509.c
index f3995a11..ed791508 100644
--- a/lib/tls/mbedtls/wrapper/library/ssl_x509.c
+++ b/lib/tls/mbedtls/wrapper/library/ssl_x509.c
@@ -17,6 +17,8 @@
 #include "ssl_dbg.h"
 #include "ssl_port.h"
 
+#include <assert.h>
+
 /**
  * @brief show X509 certification information
  */
@@ -155,7 +157,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
 {
     SSL_ASSERT1(ctx);
     SSL_ASSERT1(x);
-
+    assert(ctx);
     if (ctx->client_CA == x)
         return 1;
 
diff --git a/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c b/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c
index 24393c36..d4aee31d 100644
--- a/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c
+++ b/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c
@@ -96,12 +96,12 @@ int main(int argc, char **argv)
 	memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */
 	i.context = context;
 
-	i.port = 443;
-	i.address = "libwebsockets.org";
+	i.port = 7681;
+	i.address = "localhost";
 	i.path = "/";
 	i.host = i.address;
 	i.origin = i.address;
-	i.ssl_connection = 1;
+	i.ssl_connection = 0;
 
 	i.protocol = protocols[0].name; /* "dumb-increment-protocol" */
 	i.pwsi = &client_wsi;