diff --git a/native/src/ssl.c b/native/src/ssl.c
index 232faa1f0..6e9e58c70 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -908,8 +908,7 @@ TCN_IMPLEMENT_CALL(jobjectArray, SSL, getPeerCertChain)(TCN_STDARGS,
 
         buf = NULL;
         length = i2d_X509(cert, &buf);
-        if (length < 0) {
-            OPENSSL_free(buf);
+        if (length <= 0) {
             /* In case of error just return an empty byte[][] */
             return (*e)->NewObjectArray(e, 0, byteArrayClass, NULL);
         }
@@ -953,6 +952,11 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, getPeerCertificate)(TCN_STDARGS,
 
     length = i2d_X509(cert, &buf);
 
+    if (length <= 0) {
+        X509_free(cert);
+        return NULL;
+    }
+
     bArray = (*e)->NewByteArray(e, length);
     (*e)->SetByteArrayRegion(e, bArray, 0, length, (jbyte*) buf);
 
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index eb9b49ec3..93e7f278d 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1754,11 +1754,9 @@ static int SSL_cert_verify(X509_STORE_CTX *ctx, void *arg) {
 
         buf = NULL;
         length = i2d_X509(cert, &buf);
-        if (length < 0) {
+        if (length <= 0) {
             // In case of error just return an empty byte[][]
             array = (*e)->NewObjectArray(e, 0, byteArrayClass, NULL);
-            // We need to delete the local references so we not leak memory as this method is called via callback.
-            OPENSSL_free(buf);
             break;
         }
         bArray = (*e)->NewByteArray(e, length);