Index: modules/ssl/ssl_util_stapling.c =================================================================== --- modules/ssl/ssl_util_stapling.c (revision 1876318) +++ modules/ssl/ssl_util_stapling.c (working copy) @@ -134,10 +134,10 @@ X509 *issuer = NULL; OCSP_CERTID *cid = NULL; STACK_OF(OPENSSL_STRING) *aia = NULL; + int rv = 0; + + if (x == NULL) goto leave; - if (x == NULL) - return 0; - if (!(issuer = stapling_get_issuer(mctx, x))) { /* In Apache pre 2.4.40, we use to come here only when mod_ssl stapling * was enabled. With the new hooks, we give other modules the chance @@ -147,9 +147,9 @@ ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x, APLOGNO(02217) "ssl_stapling_init_cert: can't retrieve issuer " "certificate!"); - return 0; + goto leave; } - return 1; + goto success; } if (ssl_run_init_stapling_status(s, p, x, issuer) == APR_SUCCESS) { @@ -158,16 +158,17 @@ SSL_CTX_set_tlsext_status_cb(mctx->ssl_ctx, stapling_cb); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(10177) "OCSP stapling added via hook"); } - return 1; + goto success; } if (mctx->stapling_enabled != TRUE) { /* mod_ssl's own implementation is not enabled */ - return 1; + goto success; } - if (X509_digest(x, EVP_sha1(), idx, NULL) != 1) - return 0; + if (X509_digest(x, EVP_sha1(), idx, NULL) != 1) { + goto leave; + } cinf = apr_hash_get(stapling_certinfo, idx, sizeof(idx)); if (cinf) { @@ -181,18 +182,17 @@ APLOGNO(02814) "ssl_stapling_init_cert: no OCSP URI " "in certificate and no SSLStaplingForceURL " "configured for server %s", mctx->sc->vhost_id); - return 0; + goto leave; } - return 1; + goto success; } cid = OCSP_cert_to_id(NULL, x, issuer); - X509_free(issuer); if (!cid) { ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x, APLOGNO(02815) "ssl_stapling_init_cert: can't create CertID " "for OCSP request"); - return 0; + goto leave; } aia = X509_get1_ocsp(x); 
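Review bot: The early exit added at the top of the first hunk, `if (x == NULL) goto leave;`, puts an unbraced jump on the same line as its condition, while the `X509_digest` check later in this same patch is rewritten with braces around its `goto leave;`. Writing it as `if (x == NULL) {` / `goto leave;` / `}` keeps every jump to the cleanup label in one form, which makes a missed cleanup path easier to spot in review. The same one-line form appears at `leave:` in the last hunk. The function begins and ends outside this hunk.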
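Review bot: On the hook path in the -158 hunk, `return 1` becomes `goto success`, so `issuer` is now released at `leave:` right after `ssl_run_init_stapling_status(s, p, x, issuer)` has succeeded, whereas the old code returned there without freeing it. A hook implementation that stores the `issuer` pointer without taking its own reference would be left with a dangling pointer; whether any registered hook does that cannot be seen from this diff. I would state the contract next to the call with a comment such as `/* issuer is released at leave:, a hook that keeps it must take its own reference */`. The enclosing function starts and ends outside the hunk.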
@@ -201,7 +201,7 @@ ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x, APLOGNO(02218) "ssl_stapling_init_cert: no OCSP URI " "in certificate and no SSLStaplingForceURL set"); - return 0; + goto leave; } /* At this point, we have determined that there's something to store */ @@ -222,8 +222,12 @@ mctx->sc->vhost_id); apr_hash_set(stapling_certinfo, cinf->idx, sizeof(cinf->idx), cinf); - - return 1; +success: + rv = 1; +leave: + if (issuer) X509_free(issuer); + + return rv; } static certinfo *stapling_get_certinfo(server_rec *s, X509 *x, modssl_ctx_t *mctx,
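Review bot: The guard in `if (issuer) X509_free(issuer);` at `leave:` in the last hunk is unnecessary, because `X509_free()` does nothing when passed NULL; the line can be `X509_free(issuer);`. `issuer` is initialised to NULL in the first hunk's context, so the unconditional call is also safe on the `x == NULL` path. A short comment at the labels, for example `/* success falls through to leave: issuer is always released here */`, would document the fall-through for the next person adding an exit path. The function body begins outside this hunk.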