diff --git a/doc/contributions.txt b/doc/contributions.txt
index a6d522de2f375083e808f5c1716b28ff00bf15b6..17c38ce343223e7de704cf44dac0e8d29ece5f66 100755
--- a/doc/contributions.txt
+++ b/doc/contributions.txt
@@ -924,6 +924,7 @@ Nicky Dasmijn
 	BUG-2432
 	BUG-3605
 	CHUIBUG-197
+	OPEN-187
 Nicky Perian
 	OPEN-1
 	STORM-1087
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 928d26646b2b777f5e45213117ddb425f6f324da..c4d5450e2bd90bd40c812645b24df057f3bb297a 100755
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -207,6 +207,7 @@ LLSD _basic_constraints_ext(X509* cert)
 			}
 		}
 
+		BASIC_CONSTRAINTS_free( bs );
 	}
 	return result;
 }
@@ -268,6 +269,8 @@ LLSD _ext_key_usage_ext(X509* cert)
 				ASN1_OBJECT_free(usage);
 			}
 		}
+
+		EXTENDED_KEY_USAGE_free( eku );
 	}
 	return result;
 }
@@ -280,6 +283,8 @@ LLSD _subject_key_identifier_ext(X509 *cert)
 	if(skeyid)
 	{
 		result = cert_string_from_octet_string(skeyid);
+
+		ASN1_OCTET_STRING_free( skeyid );
 	}
 	return result;
 }
@@ -300,6 +305,9 @@ LLSD _authority_key_identifier_ext(X509* cert)
 		{
 			result[CERT_AUTHORITY_KEY_IDENTIFIER_SERIAL] = cert_string_from_asn1_integer(akeyid->serial);
 		}	
+
+
+		AUTHORITY_KEYID_free( akeyid );
 	}
 	
 	// we ignore the issuer name in the authority key identifier, we check the issue name via
@@ -1049,6 +1057,8 @@ void LLBasicCertificateStore::validate(int validation_policy,
 		throw LLInvalidCertificate((*current_cert));			
 	}
 	std::string sha1_hash((const char *)cert_x509->sha1_hash, SHA_DIGEST_LENGTH);
+	X509_free( cert_x509 );
+	cert_x509 = NULL;
 	t_cert_cache::iterator cache_entry = mTrustedCertCache.find(sha1_hash);
 	if(cache_entry != mTrustedCertCache.end())
 	{