--- src/connections.c
+++ src/connections.c
@@ -254,6 +254,8 @@
 
 			return 0;
 		case SSL_ERROR_SYSCALL:
+			{
+			char ssl_error_string_buf[256];
 			/**
 			 * man SSL_get_error()
 			 *
@@ -269,7 +271,7 @@
 			while((ssl_err = ERR_get_error())) {
 				/* get all errors from the error-queue */
 				log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-						r, ERR_error_string(ssl_err, NULL));
+						r, lighttpd_ERR_error_string_n(ssl_err, ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 			}
 
 			switch(oerrno) {
@@ -279,6 +281,7 @@
 						strerror(oerrno));
 				break;
 			}
+			}
 
 			break;
 		case SSL_ERROR_ZERO_RETURN:
@@ -290,6 +293,9 @@
 
 			/* fall thourgh */
 		default:
+			{
+			char ssl_error_string_buf[256];
+
 			while((ssl_err = ERR_get_error())) {
 				switch (ERR_GET_REASON(ssl_err)) {
 				case SSL_R_SSL_HANDSHAKE_FAILURE:
@@ -303,7 +309,8 @@
 				}
 				/* get all errors from the error-queue */
 				log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-				                r, ERR_error_string(ssl_err, NULL));
+				                r, lighttpd_ERR_error_string_n(ssl_err, ssl_error_string_buf, sizeof(ssl_error_string_buf)));
+			}
 			}
 			break;
 		}
@@ -1354,8 +1361,9 @@
 		/* connect FD to SSL */
 		if (srv_socket->is_ssl) {
 			if (NULL == (con->ssl = SSL_new(srv_socket->ssl_ctx))) {
+				char ssl_error_string_buf[256];
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-						ERR_error_string(ERR_get_error(), NULL));
+						lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 
 				return NULL;
 			}
@@ -1366,8 +1374,9 @@
 			con->conf.is_ssl=1;
 
 			if (1 != (SSL_set_fd(con->ssl, cnt))) {
+				char ssl_error_string_buf[256];
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-						ERR_error_string(ERR_get_error(), NULL));
+						lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 				return NULL;
 			}
 		}
@@ -1584,8 +1593,12 @@
 
 						break;
 					default:
+						{
+						char ssl_error_string_buf[256];
+
 						log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-								ERR_error_string(ERR_get_error(), NULL));
+								lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)));
+						}
 					}
 				}
 #endif
@@ -1707,10 +1720,11 @@
 					case SSL_ERROR_SYSCALL:
 						/* perhaps we have error waiting in our error-queue */
 						if (0 != (err = ERR_get_error())) {
+							char ssl_error_string_buf[256];
 							do {
 								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
 										ssl_r, ret,
-										ERR_error_string(err, NULL));
+										lighttpd_ERR_error_string_n(err, ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 							} while((err = ERR_get_error()));
 						} else if (errno != 0) { /* ssl bug (see lighttpd ticket #2213): sometimes errno == 0 */
 							switch(errno) {
@@ -1727,10 +1741,14 @@
 
 						break;
 					default:
+						{
+						char ssl_error_string_buf[256];
+
 						while((err = ERR_get_error())) {
 							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
 									ssl_r, ret,
-									ERR_error_string(err, NULL));
+									lighttpd_ERR_error_string_n(err, ssl_error_string_buf, sizeof(ssl_error_string_buf)));
+						}
 						}
 
 						break;
--- src/network.c
+++ src/network.c
@@ -548,6 +548,10 @@
 	};
 #endif
 
+#ifdef USE_OPENSSL
+	char ssl_error_string_buf[256];
+#endif
+
 	struct nb_map {
 		network_backend_t nb;
 		const char *name;
@@ -607,7 +611,7 @@
 
 		if (NULL == (s->ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) {
 			log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-					ERR_error_string(ERR_get_error(), NULL));
+					lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 			return -1;
 		}
 
@@ -618,7 +622,7 @@
 			/* disable SSLv2 */
 			if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-						ERR_error_string(ERR_get_error(), NULL));
+						lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 				return -1;
 			}
 		}
@@ -627,7 +631,7 @@
 			/* disable SSLv3 */
 			if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) {
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-						ERR_error_string(ERR_get_error(), NULL));
+						lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 				return -1;
 			}
 		}
@@ -636,7 +640,7 @@
 			/* Disable support for low encryption ciphers */
 			if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) {
 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-						ERR_error_string(ERR_get_error(), NULL));
+						lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 				return -1;
 			}
 
@@ -707,18 +711,18 @@
 		if (!buffer_is_empty(s->ssl_ca_file)) {
 			if (1 != SSL_CTX_load_verify_locations(s->ssl_ctx, s->ssl_ca_file->ptr, NULL)) {
 				log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
-						ERR_error_string(ERR_get_error(), NULL), s->ssl_ca_file);
+						lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)), s->ssl_ca_file);
 				return -1;
 			}
 			if (s->ssl_verifyclient) {
 				STACK_OF(X509_NAME) *certs = SSL_load_client_CA_file(s->ssl_ca_file->ptr);
 				if (!certs) {
 					log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
-							ERR_error_string(ERR_get_error(), NULL), s->ssl_ca_file);
+							lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)), s->ssl_ca_file);
 				}
 				if (SSL_CTX_set_session_id_context(s->ssl_ctx, (void*) &srv, sizeof(srv)) != 1) {
 					log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-						ERR_error_string(ERR_get_error(), NULL));
+						lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 					return -1;
 				}
 				SSL_CTX_set_client_CA_list(s->ssl_ctx, certs);
@@ -738,20 +742,20 @@
 
 		if (SSL_CTX_use_certificate_file(s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) {
 			log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
-					ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile);
+					lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)), s->ssl_pemfile);
 			return -1;
 		}
 
 		if (SSL_CTX_use_PrivateKey_file (s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) {
 			log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
-					ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile);
+					lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)), s->ssl_pemfile);
 			return -1;
 		}
 
 		if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
 			log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
 					"Private key does not match the certificate public key, reason:",
-					ERR_error_string(ERR_get_error(), NULL),
+					lighttpd_ERR_error_string_n(ERR_get_error(), ssl_error_string_buf, sizeof(ssl_error_string_buf)),
 					s->ssl_pemfile);
 			return -1;
 		}
--- src/network_openssl.c
+++ src/network_openssl.c
@@ -31,6 +31,8 @@
 	int ssl_r;
 	chunk *c;
 
+	char ssl_error_string_buf[256];
+
 	/* this is a 64k sendbuffer
 	 *
 	 * it has to stay at the same location all the time to satisfy the needs
@@ -106,7 +108,7 @@
 						do {
 							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
 									ssl_r, r,
-									ERR_error_string(err, NULL));
+									lighttpd_ERR_error_string_n(err, ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 						} while((err = ERR_get_error()));
 					} else if (r == -1) {
 						/* no, but we have errno */
@@ -138,7 +140,7 @@
 					while((err = ERR_get_error())) {
 						log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
 								ssl_r, r,
-								ERR_error_string(err, NULL));
+								lighttpd_ERR_error_string_n(err, ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 					}
 
 					return  -1;
@@ -219,7 +221,7 @@
 							do {
 								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
 										ssl_r, r,
-										ERR_error_string(err, NULL));
+										lighttpd_ERR_error_string_n(err, ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 							} while((err = ERR_get_error()));
 						} else if (r == -1) {
 							/* no, but we have errno */
@@ -251,7 +253,7 @@
 						while((err = ERR_get_error())) {
 							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
 									ssl_r, r,
-									ERR_error_string(err, NULL));
+									lighttpd_ERR_error_string_n(err, ssl_error_string_buf, sizeof(ssl_error_string_buf)));
 						}
 
 						return -1;
--- src/server.c
+++ src/server.c
@@ -1562,3 +1562,10 @@
 
 	return 0;
 }
+
+#ifdef USE_OPENSSL
+char* lighttpd_ERR_error_string_n(unsigned long e, char* buf, unsigned long len) {
+	ERR_error_string_n(e, buf, len);
+	return buf;
+}
+#endif
--- src/server.h
+++ src/server.h
@@ -14,4 +14,8 @@
 int config_set_defaults(server *srv);
 buffer *config_get_value_buffer(server *srv, connection *con, config_var_t field);
 
+#ifdef USE_OPENSSL
+char* lighttpd_ERR_error_string_n(unsigned long e, char* buf, unsigned long len);
+#endif
+
 #endif