diff --git a/client/client_shared.c b/client/client_shared.c
index 5d4951a5d..91827524a 100644
--- a/client/client_shared.c
+++ b/client/client_shared.c
@@ -1361,7 +1361,10 @@ static int client_tls_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
 err_printf(cfg, "Error: Unable to create SSL_CTX.\n");
 return 1;
 }
- SSL_CTX_set_ex_data(cfg->ssl_ctx, tls_ex_index_cfg, cfg);
+ if(!SSL_CTX_set_ex_data(cfg->ssl_ctx, tls_ex_index_cfg, cfg)){
+ err_printf(cfg, "Error: Unable to set SSL_CTX ex data.\n");
+ return 1;
+ }
 mosquitto_void_option(mosq, MOSQ_OPT_SSL_CTX, cfg->ssl_ctx);
 mosquitto_int_option(mosq, MOSQ_OPT_SSL_CTX_WITH_DEFAULTS, 1);
 SSL_CTX_set_keylog_callback(cfg->ssl_ctx, tls_keylog_callback);
diff --git a/lib/net_mosq.c b/lib/net_mosq.c
index 3dfd59287..a216ab60f 100644
--- a/lib/net_mosq.c
+++ b/lib/net_mosq.c
@@ -689,6 +689,8 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
 uint8_t tls_alpn_wire[256];
 uint8_t tls_alpn_len;
 
+ net__init_tls();
+
 #ifndef WITH_BROKER
 if(mosq->user_ssl_ctx){
 mosq->ssl_ctx = mosq->user_ssl_ctx;
@@ -705,7 +707,6 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
 * has not been set, or if both of MOSQ_OPT_SSL_CTX and
 * MOSQ_OPT_SSL_CTX_WITH_DEFAULTS are set. */
 if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk || mosq->tls_use_os_certs){
- net__init_tls();
 if(!mosq->ssl_ctx){
 mosq->ssl_ctx = SSL_CTX_new(TLS_client_method());
 
@@ -922,7 +923,11 @@ int net__socket_connect_step3(struct mosquitto *mosq, const char *host)
 return MOSQ_ERR_TLS;
 }
 
- SSL_set_ex_data(mosq->ssl, tls_ex_index_mosq, mosq);
+ if(!SSL_set_ex_data(mosq->ssl, tls_ex_index_mosq, mosq)){
+ net__socket_close(mosq);
+ net__print_ssl_error(mosq, "while setting SSL ex data");
+ return MOSQ_ERR_TLS;
+ }
 bio = BIO_new_socket(mosq->sock, BIO_NOCLOSE);
 if(!bio){
 net__socket_close(mosq);
diff --git a/src/net.c b/src/net.c
index f0e9919dc..9a175ba8a 100644
--- a/src/net.c
+++ b/src/net.c
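Review bot: In client_tls_opts_set (client/client_shared.c, hunk at -1361) the new failure branch returns 1 while cfg->ssl_ctx still points at the context that was apparently created just above, and nothing visible in the hunk releases it. Unless the config cleanup outside this hunk frees cfg->ssl_ctx, I would release it before returning: `SSL_CTX_free(cfg->ssl_ctx); cfg->ssl_ctx = NULL;`. Failing closed here is the right behaviour, since tls_keylog_callback is registered on this context a few lines later and presumably relies on the ex data to find cfg. The function starts and ends outside the hunk.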
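Review bot: The now-unconditional `net__init_tls();` at the top of net__init_ssl_ctx (lib/net_mosq.c, hunk at -689) carries no comment explaining why it left the `if(mosq->tls_cafile || ...)` branch (removed in the -705 hunk), so a later cleanup could easily move it back. I would add above the call `/* Always initialise TLS state: a caller-supplied SSL_CTX skips the branch below but still needs the ex-data index used by net__socket_connect_step3. */`, assuming that is the reason; net__init_tls itself is not visible here. Its outcome is also not checked at this call site, so if it can fail, the failure only surfaces later when SSL_set_ex_data is rejected. The function body continues outside the hunk.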
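Review bot: In the new SSL_set_ex_data failure branch of net__socket_connect_step3 (lib/net_mosq.c, hunk at -922), net__socket_close(mosq) runs before net__print_ssl_error(), so the error is reported only after teardown. If net__socket_close performs a TLS shutdown or frees mosq->ssl (not visible in this hunk), it may add to or alter the OpenSSL error queue before it is printed. Reporting first keeps the logged error tied to the failing call: `net__print_ssl_error(mosq, "while setting SSL ex data");` followed by `net__socket_close(mosq);`. The `if(!bio)` branch just below also begins with net__socket_close, so the same ordering question applies there; the function continues outside the hunk.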
@@ -250,8 +250,11 @@ struct mosquitto *net__socket_accept(struct mosquitto__listener_sock *listensock
 context__cleanup(new_context, true);
 return NULL;
 }
- SSL_set_ex_data(new_context->ssl, tls_ex_index_context, new_context);
- SSL_set_ex_data(new_context->ssl, tls_ex_index_listener, new_context->listener);
+ if(!SSL_set_ex_data(new_context->ssl, tls_ex_index_context, new_context)
+ || !SSL_set_ex_data(new_context->ssl, tls_ex_index_listener, new_context->listener)){
+ context__cleanup(new_context, true);
+ return NULL;
+ }
 new_context->want_write = true;
 bio = BIO_new_socket(new_sock, BIO_NOCLOSE);
 SSL_set_bio(new_context->ssl, bio, bio);
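Review bot: The new failure branch in net__socket_accept (src/net.c) drops the connection with `context__cleanup(new_context, true); return NULL;` and logs nothing, whereas the client and library hunks in this commit report the same failure. A broker that silently refuses TLS clients is hard to diagnose and easy to miss in monitoring, so I would log before the cleanup, e.g. `log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set SSL ex data for new client.");`. Because the two calls are joined with `||`, the message cannot say which index failed unless the checks are split. The function starts and ends outside the hunk.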