diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 049195eb37..60c68d4d55 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -267,7 +267,7 @@
 /* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
 #define MBEDTLS_SSL_MAX_CURVE_LIST_LEN         65535
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
 #define MBEDTLS_RECEIVED_SIG_ALGS_SIZE         20
 #endif
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5e8b60b9bc..91767fb004 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5579,7 +5579,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
         mbedtls_free( (void*) handshake->sig_algs );
     handshake->sig_algs = NULL;
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
-
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    if( ssl->handshake->certificate_request_context )
+    {
+        mbedtls_free( (void*) handshake->certificate_request_context );
+    }
+    handshake->certificate_request_context = NULL;
+    handshake->certificate_request_context_len = 0;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index b3272c90fa..87517874e6 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1473,7 +1473,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
 
         mbedtls_ssl_handshake_params *handshake = ssl->handshake;
         handshake->certificate_request_context =
-                mbedtls_calloc( 1, certificate_request_context_len);
+                mbedtls_calloc( 1, certificate_request_context_len );
         if( handshake->certificate_request_context == NULL )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
@@ -1523,7 +1523,11 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
                 {
                     MBEDTLS_SSL_DEBUG_MSG( 3,
                         ( "Duplicate signature algorithms extensions found" ) );
-                    goto error;
+                    MBEDTLS_SSL_PEND_FATAL_ALERT(
+                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                        MBEDTLS_ERR_SSL_DECODE_ERROR );
+                    mbedtls_ssl_handshake_free( ssl );
+                    return( MBEDTLS_ERR_SSL_DECODE_ERROR );
                 }
                 break;
 
@@ -1541,24 +1545,27 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
     {
         MBEDTLS_SSL_DEBUG_MSG( 1,
             ( "Signature algorithms extension length misaligned" ) );
-        goto error;
+        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
+        mbedtls_ssl_handshake_free( ssl );
+        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
     }
     /* Check that we found signature algorithms extension */
     if( ! sig_alg_ext_found )
     {
-         MBEDTLS_SSL_DEBUG_MSG( 3,
-             ( "no signature algorithms extension found" ) );
-         goto error;
+        MBEDTLS_SSL_DEBUG_MSG( 3,
+            ( "no signature algorithms extension found" ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1,
+            ( "Signature algorithms extension length misaligned" ) );
+        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
+                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
+        mbedtls_ssl_handshake_free( ssl );
+        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+
     }
 
     ssl->client_auth = 1;
     return( 0 );
-
-error:
-    MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
-                                  MBEDTLS_ERR_SSL_DECODE_ERROR );
-    mbedtls_free( ssl->handshake->certificate_request_context );
-    return( MBEDTLS_ERR_SSL_DECODE_ERROR );
 }
 
 /*