diff --git a/third-party/pjproject/patches/0250-Fix-double-free-of-ossock-ossl_ctx-in-case-of-errors.patch b/third-party/pjproject/patches/0250-Fix-double-free-of-ossock-ossl_ctx-in-case-of-errors.patch
new file mode 100644
index 0000000000..9f427be423
--- /dev/null
+++ b/third-party/pjproject/patches/0250-Fix-double-free-of-ossock-ossl_ctx-in-case-of-errors.patch
@@ -0,0 +1,127 @@
+From 863629bc65d68518d85cf94758725da3042c2445 Mon Sep 17 00:00:00 2001
+From: johado <papputten@gmail.com>
+Date: Mon, 18 Apr 2022 06:08:33 +0200
+Subject: [PATCH] Fix double free of ossock->ossl_ctx in case of errors (#3069)
+ (#3070)
+
+---
+ pjlib/src/pj/ssl_sock_ossl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
+index ed441e3e2..180ef0fe6 100644
+--- a/pjlib/src/pj/ssl_sock_ossl.c
++++ b/pjlib/src/pj/ssl_sock_ossl.c
+@@ -1167,20 +1167,21 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
+ PJ_PERROR(1,(ssock->pool->obj_name, status,
+ "Error loading CA list file '%s'",
+ cert->CA_file.ptr));
+ }
+ if (cert->CA_path.slen) {
+ PJ_PERROR(1,(ssock->pool->obj_name, status,
+ "Error loading CA path '%s'",
+ cert->CA_path.ptr));
+ }
+ SSL_CTX_free(ctx);
++ ossock->ossl_ctx = NULL;
+ return status;
+ } else {
+ PJ_LOG(4,(ssock->pool->obj_name,
+ "CA certificates loaded from '%s%s%s'",
+ cert->CA_file.ptr,
+ ((cert->CA_file.slen && cert->CA_path.slen)?
+ " + ":""),
+ cert->CA_path.ptr));
+ }
+ }
+@@ -1197,20 +1198,21 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
+
+ /* Load certificate chain from file into ctx */
+ rc = SSL_CTX_use_certificate_chain_file(ctx, cert->cert_file.ptr);
+
+ if(rc != 1) {
+ status = GET_SSL_STATUS(ssock);
+ PJ_PERROR(1,(ssock->pool->obj_name, status,
+ "Error loading certificate chain file '%s'",
+ cert->cert_file.ptr));
+ SSL_CTX_free(ctx);
++ ossock->ossl_ctx = NULL;
+ return status;
+ } else {
+ PJ_LOG(4,(ssock->pool->obj_name,
+ "Certificate chain loaded from '%s'",
+ cert->cert_file.ptr));
+ }
+ }
+
+
+ /* Load private key if one is specified */
+@@ -1218,20 +1220,21 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
+ /* Adds the first private key found in file to ctx */
+ rc = SSL_CTX_use_PrivateKey_file(ctx, cert->privkey_file.ptr,
+ SSL_FILETYPE_PEM);
+
+ if(rc != 1) {
+ status = GET_SSL_STATUS(ssock);
+ PJ_PERROR(1,(ssock->pool->obj_name, status,
+ "Error adding private key from '%s'",
+ cert->privkey_file.ptr));
+ SSL_CTX_free(ctx);
++ ossock->ossl_ctx = NULL;
+ return status;
+ } else {
+ PJ_LOG(4,(ssock->pool->obj_name,
+ "Private key loaded from '%s'",
+ cert->privkey_file.ptr));
+ }
+
+ #if !defined(OPENSSL_NO_DH)
+ if (ssock->is_server) {
+ bio = BIO_new_file(cert->privkey_file.ptr, "r");
+@@ -1267,20 +1270,21 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
+ xcert = PEM_read_bio_X509(cbio, NULL, 0, NULL);
+ if (xcert != NULL) {
+ rc = SSL_CTX_use_certificate(ctx, xcert);
+ if (rc != 1) {
+ status = GET_SSL_STATUS(ssock);
+ PJ_PERROR(1,(ssock->pool->obj_name, status,
+ "Error loading chain certificate from buffer"));
+ X509_free(xcert);
+ BIO_free(cbio);
+ SSL_CTX_free(ctx);
++ ossock->ossl_ctx = NULL;
+ return status;
+ } else {
+ PJ_LOG(4,(ssock->pool->obj_name,
+ "Certificate chain loaded from buffer"));
+ }
+ X509_free(xcert);
+ }
+ BIO_free(cbio);
+ }
+ }
+@@ -1335,20 +1339,21 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
+ cert);
+ if (pkey) {
+ rc = SSL_CTX_use_PrivateKey(ctx, pkey);
+ if (rc != 1) {
+ status = GET_SSL_STATUS(ssock);
+ PJ_PERROR(1,(ssock->pool->obj_name, status,
+ "Error adding private key from buffer"));
+ EVP_PKEY_free(pkey);
+ BIO_free(kbio);
+ SSL_CTX_free(ctx);
++ ossock->ossl_ctx = NULL;
+ return status;
+ } else {
+ PJ_LOG(4,(ssock->pool->obj_name,
+ "Private key loaded from buffer"));
+ }
+ EVP_PKEY_free(pkey);
+ } else {
+ PJ_LOG(1,(ssock->pool->obj_name,
+ "Error reading private key from buffer"));
+ }
+--
+2.41.0
+
diff --git a/third-party/pjproject/patches/0251-free-SSL-context-and-reset-context-pointer-when-sett.patch b/third-party/pjproject/patches/0251-free-SSL-context-and-reset-context-pointer-when-sett.patch
new file mode 100644
index 0000000000..60e092f446
--- /dev/null
+++ b/third-party/pjproject/patches/0251-free-SSL-context-and-reset-context-pointer-when-sett.patch
@@ -0,0 +1,44 @@
+From 0fb32cd4c0b2f83c1f98b9dd46da713d9a433a93 Mon Sep 17 00:00:00 2001
+From: Andreas Wehrmann <andreas-wehrmann@users.noreply.github.com>
+Date: Tue, 27 Sep 2022 10:09:03 +0200
+Subject: [PATCH] free SSL context and reset context pointer when setting the
+ cipher list fails; this is a followup of issue #3069 (#3245)
+
+---
+ pjlib/src/pj/ssl_sock_ossl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
+index c24472fec..554324305 100644
+--- a/pjlib/src/pj/ssl_sock_ossl.c
++++ b/pjlib/src/pj/ssl_sock_ossl.c
+@@ -1214,22 +1214,25 @@ static pj_status_t init_ossl_ctx(pj_ssl_sock_t *ssock)
+ PJ_LOG(1, (THIS_FILE, "Warning! Unable to set server session id "
+ "context. Session reuse will not work."));
+ }
+ }
+
+ if (ssl_opt)
+ SSL_CTX_set_options(ctx, ssl_opt);
+
+ /* Set cipher list */
+ status = set_cipher_list(ssock);
+- if (status != PJ_SUCCESS)
++ if (status != PJ_SUCCESS) {
++ SSL_CTX_free(ctx);
++ ossock->ossl_ctx = NULL;
+ return status;
++ }
+
+ /* Apply credentials */
+ if (cert) {
+ /* Load CA list if one is specified. */
+ if (cert->CA_file.slen || cert->CA_path.slen) {
+
+ rc = SSL_CTX_load_verify_locations(
+ ctx,
+ cert->CA_file.slen == 0 ? NULL : cert->CA_file.ptr,
+ cert->CA_path.slen == 0 ? NULL : cert->CA_path.ptr);
+--
+2.41.0
+