diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 34b19407c93150..afdb2e3c270348 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -2486,7 +2486,7 @@ void SSLWrap::CertCbDone(const FunctionCallbackInfo& args) {
// Store the SNI context for later use.
w->sni_context_ = BaseObjectPtr(sc);
- if (UseSNIContext(w->ssl_, sc) && !w->SetCACerts(sc)) {
+ if (UseSNIContext(w->ssl_, w->sni_context_) && !w->SetCACerts(sc)) {
// Not clear why sometimes we throw error, and sometimes we call
// onerror(). Both cause .destroy(), but onerror does a bit more.
unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
diff --git a/src/node_crypto_common.cc b/src/node_crypto_common.cc
index 197bc5cd5913a4..9358edb66b3cb9 100644
--- a/src/node_crypto_common.cc
+++ b/src/node_crypto_common.cc
@@ -1,3 +1,4 @@
+#include "base_object-inl.h"
#include "env-inl.h"
#include "node_buffer.h"
#include "node_crypto.h"
@@ -223,7 +224,7 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
return err;
}
-int UseSNIContext(const SSLPointer& ssl, SecureContext* context) {
+int UseSNIContext(const SSLPointer& ssl, BaseObjectPtr context) {
SSL_CTX* ctx = context->ctx_.get();
X509* x509 = SSL_CTX_get0_certificate(ctx);
EVP_PKEY* pkey = SSL_CTX_get0_privatekey(ctx);
diff --git a/src/node_crypto_common.h b/src/node_crypto_common.h
index 8d40052bcca2f9..c373a97e4763a4 100644
--- a/src/node_crypto_common.h
+++ b/src/node_crypto_common.h
@@ -71,7 +71,7 @@ long VerifyPeerCertificate( // NOLINT(runtime/int)
const SSLPointer& ssl,
long def = X509_V_ERR_UNSPECIFIED); // NOLINT(runtime/int)
-int UseSNIContext(const SSLPointer& ssl, SecureContext* context);
+int UseSNIContext(const SSLPointer& ssl, BaseObjectPtr context);
const char* GetClientHelloALPN(const SSLPointer& ssl);