diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index 5d9242026e..1fa81a0fd0 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -215,9 +215,17 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 			X509* currcert = sk_X509_value(chain, i);
 
 			if ( currcert )
-				chainVector->Assign(i, new file_analysis::X509Val(currcert)); // X509Val takes ownership
+				// X509Val takes ownership of currcert.
+				chainVector->Assign(i, new file_analysis::X509Val(currcert));
 			else
+				{
 				reporter->InternalWarning("OpenSSL returned null certificate");
+
+				for ( int j = i + 1; i < num_certs; ++j )
+					X509_free(sk_X509_value(chain, j));
+
+				break;
+				}
 			}
 
 		sk_X509_free(chain);