diff --git a/security/nss/lib/ssl/prelib.c b/security/nss/lib/ssl/prelib.c
index b08ab544032..fe032879720 100644
--- a/security/nss/lib/ssl/prelib.c
+++ b/security/nss/lib/ssl/prelib.c
@@ -35,7 +35,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- * $Id: prelib.c,v 1.1 2000-03-31 19:32:58 relyea%netscape.com Exp $
+ * $Id: prelib.c,v 1.2 2001-02-09 02:11:30 nelsonb%netscape.com Exp $
  */
 
 #include "cert.h"
@@ -73,7 +73,6 @@ PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader,
     
     ss = ssl_FindSocket(fd);
     if (ss == NULL) {
-        /* XXX set an error */
         return NULL;
     }
     
@@ -201,7 +200,6 @@ PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header,
     
     ss = ssl_FindSocket(fd);
     if (ss == NULL) {
-        /* XXX set an error */
         return NULL;
     }
     
diff --git a/security/nss/lib/ssl/sslauth.c b/security/nss/lib/ssl/sslauth.c
index 05385cb88d2..996ab22b31e 100644
--- a/security/nss/lib/ssl/sslauth.c
+++ b/security/nss/lib/ssl/sslauth.c
@@ -30,7 +30,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- * $Id: sslauth.c,v 1.3 2001-02-09 00:32:03 nelsonb%netscape.com Exp $
+ * $Id: sslauth.c,v 1.4 2001-02-09 02:11:30 nelsonb%netscape.com Exp $
  */
 #include "cert.h"
 #include "secitem.h"
@@ -229,6 +229,9 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
     
     ss = ssl_FindSocket(fd);
     PORT_Assert(ss != NULL);
+    if (!ss) {
+	return SECFailure;
+    }
 
     handle = (CERTCertDBHandle *)arg;
 
diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c
index 3f861dc42f3..0abcf60bcb7 100644
--- a/security/nss/lib/ssl/sslsecur.c
+++ b/security/nss/lib/ssl/sslsecur.c
@@ -32,7 +32,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- * $Id: sslsecur.c,v 1.6 2001-02-09 00:32:04 nelsonb%netscape.com Exp $
+ * $Id: sslsecur.c,v 1.7 2001-02-09 02:11:30 nelsonb%netscape.com Exp $
  */
 #include "cert.h"
 #include "secitem.h"
@@ -264,7 +264,6 @@ SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache)
     ss = ssl_FindSocket(fd);
     if (!ss) {
 	SSL_DBG(("%d: SSL[%d]: bad socket in RedoHandshake", SSL_GETPID(), fd));
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
 	return SECFailure;
     }
 
@@ -307,7 +306,6 @@ SSL_HandshakeCallback(PRFileDesc *fd, SSLHandshakeCallback cb,
     if (!ss) {
 	SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeCallback",
 		 SSL_GETPID(), fd));
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
 	return SECFailure;
     }
 
@@ -608,14 +606,17 @@ SECStatus
 SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
 		       SECKEYPrivateKey *key, SSL3KEAType kea)
 {
-    int rv;
+    SECStatus rv;
     sslSocket *ss;
     sslSecurityInfo *sec;
 
     ss = ssl_FindSocket(fd);
+    if (!ss) {
+	return SECFailure;
+    }
 
-    if ((rv = ssl_CreateSecurityInfo(ss)) != 0) {
-	return((SECStatus)rv);
+    if ((rv = ssl_CreateSecurityInfo(ss)) != SECSuccess) {
+	return rv;
     }
 
     sec = ss->sec;
@@ -1186,17 +1187,18 @@ SSL_InvalidateSession(PRFileDesc *fd)
     sslSocket *   ss = ssl_FindSocket(fd);
     SECStatus     rv = SECFailure;
 
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
+    if (ss) {
+	ssl_Get1stHandshakeLock(ss);
+	ssl_GetSSL3HandshakeLock(ss);
 
-    if (ss && ss->sec && ss->sec->ci.sid) {
-	ss->sec->uncache(ss->sec->ci.sid);
-	rv = SECSuccess;
+	if (ss->sec && ss->sec->ci.sid) {
+	    ss->sec->uncache(ss->sec->ci.sid);
+	    rv = SECSuccess;
+	}
+
+	ssl_ReleaseSSL3HandshakeLock(ss);
+	ssl_Release1stHandshakeLock(ss);
     }
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
     return rv;
 }
 
@@ -1208,27 +1210,27 @@ SSL_GetSessionID(PRFileDesc *fd)
     sslSessionID * sid;
 
     ss = ssl_FindSocket(fd);
+    if (ss) {
+	ssl_Get1stHandshakeLock(ss);
+	ssl_GetSSL3HandshakeLock(ss);
 
-    ssl_Get1stHandshakeLock(ss);
-    ssl_GetSSL3HandshakeLock(ss);
+	if (ss->useSecurity && ss->connected && ss->sec && ss->sec->ci.sid) {
+	    sid = ss->sec->ci.sid;
+	    item = (SECItem *)PORT_Alloc(sizeof(SECItem));
+	    if (sid->version < SSL_LIBRARY_VERSION_3_0) {
+		item->len = SSL_SESSIONID_BYTES;
+		item->data = (unsigned char*)PORT_Alloc(item->len);
+		PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
+	    } else {
+		item->len = sid->u.ssl3.sessionIDLength;
+		item->data = (unsigned char*)PORT_Alloc(item->len);
+		PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
+	    }
+	}
 
-    if (ss && ss->useSecurity && ss->connected && ss->sec && ss->sec->ci.sid) {
-        sid = ss->sec->ci.sid;
-        item = (SECItem *)PORT_Alloc(sizeof(SECItem));
-        if (sid->version < SSL_LIBRARY_VERSION_3_0) {
-            item->len = SSL_SESSIONID_BYTES;
-            item->data = (unsigned char*)PORT_Alloc(item->len);
-            PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
-        } else {
-            item->len = sid->u.ssl3.sessionIDLength;
-            item->data = (unsigned char*)PORT_Alloc(item->len);
-            PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
-        }
+	ssl_ReleaseSSL3HandshakeLock(ss);
+	ssl_Release1stHandshakeLock(ss);
     }
-
-    ssl_ReleaseSSL3HandshakeLock(ss);
-    ssl_Release1stHandshakeLock(ss);
-
     return item;
 }
 
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index 9e1a15e6cd3..347af934b40 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -34,7 +34,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- * $Id: sslsock.c,v 1.12 2001-02-09 00:32:08 nelsonb%netscape.com Exp $
+ * $Id: sslsock.c,v 1.13 2001-02-09 02:11:31 nelsonb%netscape.com Exp $
  */
 #include "seccomon.h"
 #include "cert.h"
@@ -174,8 +174,10 @@ ssl_FindSocket(PRFileDesc *fd)
     PORT_Assert(ssl_layer_id != 0);
 
     layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
-    if (layer == NULL)
+    if (layer == NULL) {
+	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
 	return NULL;
+    }
 
     ss = (sslSocket *)layer->secret;
     ss->fd = layer;
@@ -426,7 +428,6 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
 
     if (!ss) {
 	SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
 	return SECFailure;
     }
 
@@ -550,7 +551,6 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
     }
     if (!ss) {
 	SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
 	*pOn = PR_FALSE;
 	return SECFailure;
     }
@@ -810,7 +810,6 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
     
     if (!ss) {
 	SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
 	return SECFailure;
     }
     if (SSL_IS_SSL2_CIPHER(which)) {
@@ -833,7 +832,6 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
     }
     if (!ss) {
 	SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
-	PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
 	*enabled = PR_FALSE;
 	return SECFailure;
     }
@@ -908,7 +906,6 @@ SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
 	if (ss == NULL) {
 	    SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", 
 	    	      SSL_GETPID(), model));
-	    SET_ERROR_CODE
 	    return NULL;
 	}
 	ns = ssl_DupSocket(ss);