@@ -384,10 +384,12 @@
 	if (statePtr->vflags & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
 	    return ok;
 	} else {
 	    return 1;
 	}
+    } else if (cert == NULL || ssl == NULL) {
+	return 0;
     }
 
     /* Create command to eval */
     cmdPtr = Tcl_DuplicateObj(statePtr->vcmd);
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("verify", -1));
@@ -855,11 +857,11 @@
 
     dprintf("Called");
 
     if (statePtr->vcmd == (Tcl_Obj*)NULL) {
 	return SSL_CLIENT_HELLO_SUCCESS;
-    } else if (ssl == NULL || arg == NULL) {
+    } else if (ssl == (const SSL *)NULL || arg == (void *)NULL) {
 	return SSL_CLIENT_HELLO_ERROR;
     }
 
     /* Get names */
     if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) || remaining <= 2) {
@@ -2308,15 +2310,20 @@
 
 	/* Session ticket lifetime hint (in seconds) */
 	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("lifetime", -1));
 	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_ticket_lifetime_hint(session)));
 
-	/* Session id */
+	/* Session id - TLSv1.2 and below only */
 	session_id = SSL_SESSION_get_id(session, &ulen);
 	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("session_id", -1));
 	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewByteArrayObj(session_id, (int) ulen));
 
+	/* Session context */
+	session_id = SSL_SESSION_get0_id_context(session, &ulen);
+	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("session_context", -1));
+	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewByteArrayObj(session_id, (int) ulen));
+
 	/* Session ticket - client only */
 	SSL_SESSION_get0_ticket(session, &ticket, &len2);
 	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("session_ticket", -1));
 	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewByteArrayObj(ticket, (int) len2));