diff --git a/Misc/NEWS b/Misc/NEWS
index 3aa7e52333a..49d18516bab 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -466,6 +466,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().
+
 - Issue #13777: Add PF_SYSTEM sockets on OS X.
   Patch by Michael Goderbauer.
 
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 3e2e264fedb..97fc07f718f 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -547,15 +547,20 @@ _create_tuple_for_X509_NAME (X509_NAME *xname)
             goto fail1;
     }
     /* now, there's typically a dangling RDN */
-    if ((rdn != NULL) && (PyList_Size(rdn) > 0)) {
-        rdnt = PyList_AsTuple(rdn);
-        Py_DECREF(rdn);
-        if (rdnt == NULL)
-            goto fail0;
-        retcode = PyList_Append(dn, rdnt);
-        Py_DECREF(rdnt);
-        if (retcode < 0)
-            goto fail0;
+    if (rdn != NULL) {
+        if (PyList_GET_SIZE(rdn) > 0) {
+            rdnt = PyList_AsTuple(rdn);
+            Py_DECREF(rdn);
+            if (rdnt == NULL)
+                goto fail0;
+            retcode = PyList_Append(dn, rdnt);
+            Py_DECREF(rdnt);
+            if (retcode < 0)
+                goto fail0;
+        }
+        else {
+            Py_DECREF(rdn);
+        }
     }
 
     /* convert list to tuple */