diff --git a/src/internal.c b/src/internal.c
index bae4046772..d05238ec89 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6830,10 +6830,18 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
 #ifdef WOLFSSL_COPY_KEY
-    AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
-        ctx->privateKey->length, ctx->privateKey->type,
-        ctx->privateKey->heap);
-    ssl->buffers.weOwnKey = 1;
+    if (ctx->privateKey != NULL) {
+        if (ssl->buffers.key != NULL) {
+            FreeDer(&ssl->buffers.key);
+        }
+        AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        ssl->buffers.weOwnKey = 1;
+    }
+    else {
+        ssl->buffers.key      = ctx->privateKey;
+    }
 #else
     ssl->buffers.key      = ctx->privateKey;
 #endif
diff --git a/src/ssl.c b/src/ssl.c
index 310a1ed2d5..de97c8e5f1 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -20411,10 +20411,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
 #ifdef WOLFSSL_COPY_KEY
-    AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
-        ctx->privateKey->length, ctx->privateKey->type,
-        ctx->privateKey->heap);
-    ssl->buffers.weOwnKey = 1;
+    if (ctx->privateKey != NULL) {
+        if (ssl->buffers.key != NULL) {
+            FreeDer(&ssl->buffers.key);
+        }
+        AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+            ctx->privateKey->length, ctx->privateKey->type,
+            ctx->privateKey->heap);
+        ssl->buffers.weOwnKey = 1;
+    }
+    else {
+        ssl->buffers.key      = ctx->privateKey;
+    }
 #else
     ssl->buffers.key      = ctx->privateKey;
 #endif