diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c
index 286a00d..5b5128f 100644
--- a/ssl/ssl.enums.c
+++ b/ssl/ssl.enums.c
@@ -2481,7 +2481,7 @@ static int decode_extension_extended_master_secret(ssl,dir,seg,data)
   {
     int l,r,*ems;
 
-    ems=&ssl->decoder->extended_master_secret;
+    ems=&ssl->extensions->extended_master_secret;
 
     SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
     data->len-=l;
diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c
index dde5b54..67b1f73 100644
--- a/ssl/ssl_analyze.c
+++ b/ssl/ssl_analyze.c
@@ -265,6 +265,9 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
 
     if(r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx))
       ABORT(r);
+
+    if (!(obj->extensions=malloc(sizeof(ssl_extensions))))
+      ABORT(R_NO_MEMORY);
     
     *objp=(proto_obj *)obj;
 
@@ -291,7 +294,8 @@ static int destroy_ssl_analyzer(objp)
     free_r_queue(obj->r2i_queue);
     ssl_decoder_destroy(&obj->decoder);
     free(obj->client_name);
-    free(obj->server_name);    
+    free(obj->server_name);
+    free(obj->extensions);
     free(*objp);
     *objp=0;
 
diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h
index 0f5343e..34f6539 100644
--- a/ssl/ssl_h.h
+++ b/ssl/ssl_h.h
@@ -67,6 +67,10 @@ typedef struct d_queue_ {
      int offset;	/*How far into the first segment this record starts*/
 } r_queue;
 
+typedef struct ssl_extensions_ {
+  int extended_master_secret;
+} ssl_extensions;
+
 typedef struct ssl_obj_ {
      tcp_conn *conn;
      int r_state;
@@ -86,7 +90,7 @@ typedef struct ssl_obj_ {
      struct timeval time_last;
      ssl_decode_ctx *ssl_ctx;
      ssl_decoder *decoder;
-     ssl_extensions extensions;
+     ssl_extensions *extensions;
 
      int process_ciphertext;