diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 99cd6c4117..408000af83 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -1306,6 +1306,7 @@ connectOptions2(PGconn *conn)
 	 */
 	if (!sslVerifyProtocolVersion(conn->sslminprotocolversion))
 	{
+		conn->status = CONNECTION_BAD;
 		printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("invalid sslminprotocolversion value: \"%s\"\n"),
 						  conn->sslminprotocolversion);
@@ -1313,6 +1314,7 @@ connectOptions2(PGconn *conn)
 	}
 	if (!sslVerifyProtocolVersion(conn->sslmaxprotocolversion))
 	{
+		conn->status = CONNECTION_BAD;
 		printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("invalid sslmaxprotocolversion value: \"%s\"\n"),
 						  conn->sslmaxprotocolversion);
@@ -1329,6 +1331,7 @@ connectOptions2(PGconn *conn)
 	if (!sslVerifyProtocolRange(conn->sslminprotocolversion,
 								conn->sslmaxprotocolversion))
 	{
+		conn->status = CONNECTION_BAD;
 		printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("invalid SSL protocol version range"));
 		return false;
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index cf142fbaa4..d3a37e1d27 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -854,6 +854,7 @@ initialize_SSL(PGconn *conn)
 			printfPQExpBuffer(&conn->errorMessage,
 							  libpq_gettext("invalid value \"%s\" for minimum version of SSL protocol\n"),
 							  conn->sslminprotocolversion);
+			SSL_CTX_free(SSL_context);
 			return -1;
 		}
 
@@ -864,6 +865,8 @@ initialize_SSL(PGconn *conn)
 			printfPQExpBuffer(&conn->errorMessage,
 							  libpq_gettext("could not set minimum version of SSL protocol: %s\n"),
 							  err);
+			SSLerrfree(err);
+			SSL_CTX_free(SSL_context);
 			return -1;
 		}
 	}
@@ -880,6 +883,7 @@ initialize_SSL(PGconn *conn)
 			printfPQExpBuffer(&conn->errorMessage,
 							  libpq_gettext("invalid value \"%s\" for maximum version of SSL protocol\n"),
 							  conn->sslmaxprotocolversion);
+			SSL_CTX_free(SSL_context);
 			return -1;
 		}
 
@@ -890,6 +894,8 @@ initialize_SSL(PGconn *conn)
 			printfPQExpBuffer(&conn->errorMessage,
 							  libpq_gettext("could not set maximum version of SSL protocol: %s\n"),
 							  err);
+			SSLerrfree(err);
+			SSL_CTX_free(SSL_context);
 			return -1;
 		}
 	}
@@ -1321,9 +1327,7 @@ open_client_SSL(PGconn *conn)
 	conn->peer = SSL_get_peer_certificate(conn->ssl);
 	if (conn->peer == NULL)
 	{
-		char	   *err;
-
-		err = SSLerrmessage(ERR_get_error());
+		char	   *err = SSLerrmessage(ERR_get_error());
 
 		printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("certificate could not be obtained: %s\n"),