diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 443c12cac..24e313094 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1619,7 +1619,8 @@ static int cli_io_handler_show_cert_ocsp_detail(struct appctx *appctx)
 * Otherwise, we must rebuild the certificate's certid in order to
 * look for the current OCSP response in the tree. */
 if (from_transaction && ckchs->ckch->ocsp_response) {
- ssl_ocsp_response_print(ckchs->ckch->ocsp_response, out);
+ if (ssl_ocsp_response_print(ckchs->ckch->ocsp_response, out))
+ goto end_no_putchk;
 }
 else {
 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH] = {};
@@ -1628,7 +1629,8 @@ static int cli_io_handler_show_cert_ocsp_detail(struct appctx *appctx)
 if (ckch_store_build_certid(ckchs, (unsigned char*)key, &key_length) < 0)
 goto end_no_putchk;
- ssl_get_ocspresponse_detail(key, out);
+ if (ssl_get_ocspresponse_detail(key, out))
+ goto end_no_putchk;
 }
 if (ci_putchk(si_ic(si), out) == -1) {
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 758b029d8..d0acc80dd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7567,6 +7567,7 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
 int write = -1;
 OCSP_RESPONSE *resp;
 const unsigned char *p;
+ int retval = -1;
 if (!ocsp_response)
 return -1;
@@ -7619,13 +7620,13 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
 ist_double_lf = istist(ist_block, double_lf);
 }
- b_istput(out, ist_block);
+ retval = (b_istput(out, ist_block) <= 0);
 }
 if (bio)
 BIO_free(bio);
- return 0;
+ return retval;
 }
 /*
@@ -7656,7 +7657,10 @@ static int cli_io_handler_show_ocspresponse_detail(struct appctx *appctx)
 if (trash == NULL)
 return 1;
- ssl_ocsp_response_print(&ocsp->response, trash);
+ if (ssl_ocsp_response_print(&ocsp->response, trash)) {
+ free_trash_chunk(trash);
+ return 1;
+ }
 if (ci_putchk(si_ic(si), trash) == -1) {
 si_rx_room_blk(si);
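Review bot: When `ssl_ocsp_response_print()` fails in the `from_transaction` branch, the new `goto end_no_putchk` appears to end the command with nothing written to the CLI, so an operator checking stapling state cannot tell an unprintable OCSP response from an empty result. The same applies to the `ssl_get_ocspresponse_detail()` check in the next hunk and to the `free_trash_chunk(trash); return 1;` path added to `cli_io_handler_show_ocspresponse_detail()`. The `end_no_putchk` label lies outside the hunk, so this assumes it only releases `out` and returns. Consider reporting the failure to the CLI user before bailing out, or at least state the intent with a comment such as `/* response could not be printed: finish the command without output */`.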
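Review bot: The added `if (ssl_get_ocspresponse_detail(key, out))` relies on that function returning non-zero for every failure, including a failure of the `ssl_ocsp_response_print()` call it presumably makes, but its body is not part of this diff. If it still discards the print result, this check only catches a lookup miss and the truncated-output case stays unhandled. Worth confirming, and worth a short comment on the callee's declaration such as `/* returns 0 on success, non-zero if the response is not found or cannot be printed */`.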
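Review bot: `retval = (b_istput(out, ist_block) <= 0);` gives the function a second failure value, because a failed copy now returns 1 while the early exit on a NULL `ocsp_response` and the initial `retval` use -1. The callers in this diff only test for non-zero, so they behave correctly, but a later caller written as `< 0` would treat the failed copy as success. Using one value keeps the contract simple: `retval = (b_istput(out, ist_block) <= 0) ? -1 : 0;`. The function's header comment starts outside this hunk and should state the return values either way.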