diff --git a/examples/client/client.c b/examples/client/client.c
index 7bec27edf..f0bbc7b28 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -195,6 +195,7 @@ static void ShowUsage(void)
 printf(" Certificate example : client -u orange \\\n");
 printf(" -J orange-cert.der -i orange-key.der\n");
 printf(" -A filename for DER CA certificate to verify host\n");
+ printf(" -X Ignore IP checks on peer vs peer certificate\n");
 #endif
 }
 
@@ -493,6 +494,10 @@ static inline void ato32(const byte* c, word32* u32)
 
 #if defined(WOLFSSH_CERTS) && \
 (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
+
+/* when set as true then ignore miss matching IP addresses */
+static int IPOverride = 0;
+
 static int ParseRFC6187(const byte* in, word32 inSz, byte** leafOut, word32* leafOutSz)
 {
@@ -592,7 +597,9 @@ static int wsPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx)
 
 if (ipMatch == 0) {
 printf("IP did not match expected IP\n");
- ret = -1;
+ if (!IPOverride) {
+ ret = -1;
+ }
 }
 }
 FreeDecodedCert(&dCert);
@@ -1027,7 +1034,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 char** argv = ((func_args*)args)->argv;
 ((func_args*)args)->return_code = 0;
 
- while ((ch = mygetopt(argc, argv, "?ac:eh:i:j:p:tu:xzNP:RJ:A:")) != -1) {
+ while ((ch = mygetopt(argc, argv, "?ac:eh:i:j:p:tu:xzNP:RJ:A:X")) != -1) {
 switch (ch) {
 case 'h':
 host = myoptarg;
@@ -1077,6 +1084,10 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args)
 caCert = myoptarg;
 break;
 
+ case 'X':
+ IPOverride = 1;
+ break;
+
 #endif
 case 'x':
diff --git a/examples/sftpclient/sftpclient.c b/examples/sftpclient/sftpclient.c
index 00b3a49ef..754c85310 100644
--- a/examples/sftpclient/sftpclient.c
+++ b/examples/sftpclient/sftpclient.c
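Review bot: The new usage line `-X Ignore IP checks on peer vs peer certificate` does not tell the user that the option weakens verification of the host they are connecting to, which is the one thing they need to know before passing it; the same string is added to sftpclient.c at @@ -372. Suggest `printf(" -X Ignore a mismatch between the host IP and the IP in the peer certificate (host verification is weakened)\n");`. ShowUsage() starts before the hunk.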
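Review bot: The comment on the new `IPOverride` flag misspells "mismatching" and only restates the name; a reader of wsPublicKeyCheck() needs to know that the flag turns an IP-mismatch failure into a log line. Suggest `/* Set by -X: an IP mismatch between the connected host and the peer certificate is reported by wsPublicKeyCheck() but no longer makes it fail. */`; the same comment is added to sftpclient.c at @@ -718. In sftpclient.c the `#if defined(WOLFSSH_CERTS)` guard that encloses the client.c definition is not visible around the new lines; if the definition sits outside it while the `case 'X'` handler at @@ -1641 sits inside, builds without certificate support presumably get an unused static.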
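Review bot: When IPOverride is set the mismatch is logged with the same text as a hard failure and ret is left untouched, so the output never shows that peer identity verification was bypassed for this connection; change the printf to `printf("IP did not match expected IP%s\n", IPOverride ? " (ignored because -X was given)" : "");`. The same branch is added to sftpclient.c at @@ -817. IPOverride is file-scope state set from client_test() in the hunk at @@ -1077, so presumably every verification performed by the process after option parsing is affected rather than a single connection; that is worth stating next to the flag if it is intended. wsPublicKeyCheck() starts and ends outside the hunk.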
@@ -372,6 +372,7 @@ static void ShowUsage(void)
 printf(" Certificate example : client -u orange \\\n");
 printf(" -J orange-cert.der -i orange-key.der\n");
 printf(" -A filename for DER CA certificate to verify host\n");
+ printf(" -X Ignore IP checks on peer vs peer certificate\n");
 #endif
 
 ShowCommands();
@@ -718,6 +719,8 @@ static inline void ato32(const byte* c, word32* u32)
 *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
 }
 
+/* when set as true then ignore miss matching IP addresses */
+static int IPOverride = 0;
 static int ParseRFC6187(const byte* in, word32 inSz, byte** leafOut, word32* leafOutSz)
@@ -817,7 +820,9 @@ static int wsPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx)
 
 if (ipMatch == 0) {
 printf("IP did not match expected IP\n");
- ret = -1;
+ if (!IPOverride) {
+ ret = -1;
+ }
 }
 }
 FreeDecodedCert(&dCert);
@@ -1566,7 +1571,7 @@ THREAD_RETURN WOLFSSH_THREAD sftpclient_test(void* args)
 char** argv = ((func_args*)args)->argv;
 ((func_args*)args)->return_code = 0;
 
- while ((ch = mygetopt(argc, argv, "?d:egh:i:j:l:p:r:u:EGNP:J:A:")) != -1) {
+ while ((ch = mygetopt(argc, argv, "?d:egh:i:j:l:p:r:u:EGNP:J:A:X")) != -1) {
 switch (ch) {
 case 'd':
 defaultSftpPath = myoptarg;
@@ -1641,6 +1646,10 @@ THREAD_RETURN WOLFSSH_THREAD sftpclient_test(void* args)
 caCert = myoptarg;
 break;
 
+ case 'X':
+ IPOverride = 1;
+ break;
+
 #endif
 case '?':