diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c
index 2d41728821..0e83baf3ea 100644
--- a/modules/ssl/ssl_util_stapling.c
+++ b/modules/ssl/ssl_util_stapling.c
@@ -212,7 +212,7 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx,
     SSLModConfigRec *mc = myModConfig(s);
     unsigned char resp_der[MAX_STAPLING_DER]; /* includes one-byte flag + response */
     unsigned char *p;
-    int resp_derlen;
+    int resp_derlen, stored_len;
     BOOL rv;
     apr_time_t expiry;
 
@@ -224,7 +224,8 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx,
         return FALSE;
     }
 
-    if (resp_derlen + 1 > sizeof resp_der) { /* response + ok flag too big? */
+    stored_len = resp_derlen + 1; /* response + ok flag */
+    if (stored_len > sizeof resp_der) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01928)
                      "OCSP stapling response too big (%u bytes)", resp_derlen);
         return FALSE;
@@ -248,7 +249,7 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx,
 
     rv = mc->stapling_cache->store(mc->stapling_cache_context, s,
                                    cinf->idx, sizeof(cinf->idx),
-                                   expiry, resp_der, resp_derlen, pool);
+                                   expiry, resp_der, stored_len, pool);
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01929)
                      "stapling_cache_response: OCSP response session store error!");