diff --git a/src/crl.c b/src/crl.c
index d3b93bf407..17f1fb30e3 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -694,7 +694,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, CRL_Entry* crle,
             if (ret == MP_LT || ret == MP_EQ) {
                 WOLFSSL_MSG("Same or newer CRL entry already exists");
                 wc_UnLockRwLock(&crl->crlLock);
-                return BAD_FUNC_ARG;
+                return DUPE_ENTRY_E;
             }
             else if (ret < 0) {
                 WOLFSSL_MSG("Error comparing CRL Numbers");
diff --git a/src/internal.c b/src/internal.c
index af622bb8ce..12d7c6a0f3 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -26823,6 +26823,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case PSK_KEY_ERROR:
         return "psk key callback error";
 
+    case DUPE_ENTRY_E:
+        return "duplicate entry error";
+
     case GETTIME_ERROR:
         return "gettimeofday() error";
 
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index 1fa5d0b490..47f460a2e1 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1795,6 +1795,7 @@ int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
  *                     WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
  * @return  WOLFSSL_SUCCESS on success.
  * @return  BAD_FUNC_ARG when cm or buff is NULL or sz is negative or zero.
+ * @return  DUPE_ENTRY_E if the same or a newer CRL already exists in the cm.
  * @return  WOLFSSL_FATAL_ERROR when creating CRL object fails.
  */
 int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
diff --git a/tests/api.c b/tests/api.c
index ffe0b9efa4..69803be4c7 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -24621,7 +24621,7 @@ static int error_test(void)
         { -124, -124 },
         { -167, -169 },
         { -300, -300 },
-        { -334, -336 },
+        { -335, -336 },
         { -346, -349 },
         { -356, -356 },
         { -358, -358 },
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 654ec63af5..9a4f4a257a 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -82,6 +82,7 @@ enum wolfSSL_ErrorCodes {
     CLIENT_ID_ERROR              = -331,   /* psk client identity error  */
     SERVER_HINT_ERROR            = -332,   /* psk server hint error  */
     PSK_KEY_ERROR                = -333,   /* psk key error  */
+    DUPE_ENTRY_E                 = -334,   /* duplicate entry error */
 
     GETTIME_ERROR                = -337,   /* gettimeofday failed ??? */
     GETITIMER_ERROR              = -338,   /* getitimer failed ??? */