diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h
index 6f2fb5a2f..7a0bd0d76 100644
--- a/components/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@@ -144,6 +144,8 @@ struct ssl_session_st {
     long timeout;
 
     long time;
+
+    X509 *peer;
 };
 
 struct X509_VERIFY_PARAM_st {
diff --git a/components/openssl/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c
index 15c4977b0..7278287a6 100644
--- a/components/openssl/library/ssl_pkey.c
+++ b/components/openssl/library/ssl_pkey.c
@@ -177,7 +177,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
     if (!ret)
         SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
 
-    ctx->cert->pkey->ref++;
+    ctx->cert->pkey->ref = 1;
 
     return 1;
 
@@ -216,7 +216,7 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
     if (!ret)
         SSL_RET(failed2, "SSL_CTX_use_PrivateKey\n");
 
-    ssl->cert->pkey->ref++;
+    ssl->cert->pkey->ref = 1;
 
     return 1;
 
diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c
index 6e249eef5..19c94c3ec 100644
--- a/components/openssl/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
@@ -218,7 +218,6 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
 {
     int ret;
     X509 *cert;
-    const unsigned char *pbuf;
 
     cert = d2i_X509(&ctx->cert->x509, d, len);
     if (!cert)
@@ -228,7 +227,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
     if (!ret)
         SSL_RET(failed2, "SSL_CTX_use_certificate\n");
 
-    ctx->cert->x509->ref++;
+    ctx->cert->x509->ref = 1;
 
     return 1;
 
@@ -266,7 +265,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, int len,
     if (!ret)
         SSL_RET(failed2, "SSL_use_certificate\n");
 
-    ssl->cert->x509->ref++;
+    ssl->cert->x509->ref = 1;
 
     return 1;
 
@@ -307,3 +306,17 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
 {
     return 0;
 }
+
+/*
+ * SSL_get_peer_certificate - get peer certification
+ *
+ * @param ssl - SSL point
+ *
+ * @return certification
+ */
+X509 *SSL_get_peer_certificate(const SSL *ssl)
+{
+    SSL_ASSERT(ssl);
+
+    return ssl->session.peer;
+}
diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c
index d4ed2ecec..1ddd1f30d 100644
--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
@@ -74,7 +74,6 @@ int ssl_pm_new(SSL *ssl)
     int mode;
     int version;
 
-    SSL_CTX *ctx = ssl->ctx;
     const SSL_METHOD *method = ssl->method;
 
     struct x509_pm *x509_pm;
@@ -185,9 +184,9 @@ int ssl_pm_handshake(SSL *ssl)
     }
     ssl_speed_up_exit();
 
-    if (!mbed_ret)
+    if (!mbed_ret) {
         ret = 1;
-    else {
+    } else {
         ret = 0;
         SSL_DEBUG(1, "mbedtls_ssl_handshake [-0x%x]\n", -mbed_ret);
     }