diff --git a/cab.c b/cab.c
index e5190e5..e6e8cdd 100644
--- a/cab.c
+++ b/cab.c
@@ -493,16 +493,8 @@ static PKCS7 *cab_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
 return NULL; /* FAILED */
 }
 }
- if (ctx->options->nest) {
- if (!cursig_set_nested(cursig, p7, ctx)) {
- printf("Unable to append the nested signature to the current signature\n");
- PKCS7_free(p7);
- PKCS7_free(cursig);
- return NULL; /* FAILED */
- }
- PKCS7_free(p7);
- return cursig;
- }
+ if (ctx->options->nest)
+ ctx->options->prevsig = cursig;
 return p7;
 }
diff --git a/msi.c b/msi.c
index 8257ca0..2ebad3b 100644
--- a/msi.c
+++ b/msi.c
@@ -660,16 +660,8 @@ static PKCS7 *msi_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
 return NULL; /* FAILED */
 }
 }
- if (ctx->options->nest) {
- if (!cursig_set_nested(cursig, p7, ctx)) {
- printf("Unable to append the nested signature to the current signature\n");
- PKCS7_free(p7);
- PKCS7_free(cursig);
- return NULL; /* FAILED */
- }
- PKCS7_free(p7);
- return cursig;
- }
+ if (ctx->options->nest)
+ ctx->options->prevsig = cursig;
 return p7;
 }
diff --git a/osslsigncode.c b/osslsigncode.c
index 3e33b71..a0fa85b 100644
--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -2258,6 +2258,9 @@ static void free_options(GLOBAL_OPTIONS *options)
 /* If X509 structure is NULL nothing is done */
 X509_free(options->cert);
 options->cert = NULL;
+ /* If PKCS7 structure is NULL nothing is done */
+ PKCS7_free(options->prevsig);
+ options->prevsig = NULL;
 /* Free up all elements of sk structure and sk itself */
 sk_X509_pop_free(options->certs, X509_free);
 options->certs = NULL;
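Review bot: The new `ctx->options->prevsig = cursig;` at the end of cab_pkcs7_prepare hands ownership of cursig to the global options without saying so, and it overwrites whatever pointer is already stored there, so a second call on the same options would leak the earlier signature. A comment at the assignment would make the contract visible, for example `/* ownership of cursig moves to options->prevsig: main() nests p7 into it once the unauthenticated attributes are set, free_options() releases it on any other path */`, and bracing the `if` would match the block it replaces. The identical two lines in msi_pkcs7_prepare and in the second pe.c hunk deserve the same treatment. All three function bodies begin outside their hunks, so how cursig is handled on the earlier `return NULL` paths is not visible here.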
@@ -3671,6 +3674,13 @@ int main(int argc, char **argv)
 PKCS7_free(p7);
 DO_EXIT_0("Unable to set unauthenticated attributes\n");
 }
+ if (options.prevsig) {
+ if (!cursig_set_nested(options.prevsig, p7, ctx))
+ DO_EXIT_0("Unable to append the nested signature to the current signature\n");
+ PKCS7_free(p7);
+ p7 = options.prevsig;
+ options.prevsig = NULL;
+ }
 if (ctx->format->append_pkcs7) {
 ret = ctx->format->append_pkcs7(ctx, outdata, p7);
 if (ret) {
diff --git a/osslsigncode.h b/osslsigncode.h
index 597d1ae..b674774 100644
--- a/osslsigncode.h
+++ b/osslsigncode.h
@@ -277,6 +277,7 @@ typedef struct {
 STACK_OF(X509_CRL) *crls;
 cmd_type_t cmd;
 char *indata;
+ PKCS7 *prevsig;
 } GLOBAL_OPTIONS;
 /*
diff --git a/pe.c b/pe.c
index 3f3e017..5c56c26 100644
--- a/pe.c
+++ b/pe.c
@@ -421,7 +421,7 @@ static PKCS7 *pe_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
 }
 if (ctx->options->cmd == CMD_ADD)
 p7 = cursig;
- }
+ }
 if (ctx->pe_ctx->sigpos > 0) {
 /* Strip current signature */
 ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos;
@@ -451,16 +451,8 @@ static PKCS7 *pe_pkcs7_prepare(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata)
 return NULL; /* FAILED */
 }
 }
- if (ctx->options->nest) {
- if (!cursig_set_nested(cursig, p7, ctx)) {
- printf("Unable to append the nested signature to the current signature\n");
- PKCS7_free(p7);
- PKCS7_free(cursig);
- return NULL; /* FAILED */
- }
- PKCS7_free(p7);
- return cursig;
- }
+ if (ctx->options->nest)
+ ctx->options->prevsig = cursig;
 return p7;
 }
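Review bot: On the failure branch of `cursig_set_nested(options.prevsig, p7, ctx)` the new signature p7 is not released before `DO_EXIT_0`, whereas the context lines directly above call `PKCS7_free(p7);` before the same macro and the code removed from the *_pkcs7_prepare functions freed it as well. options.prevsig is covered by the lines added to free_options(), presumably reached from the exit path, but nothing visible frees p7. Bracing the branch and adding the free would restore the old behaviour: `if (!cursig_set_nested(options.prevsig, p7, ctx)) {`, `PKCS7_free(p7);`, `DO_EXIT_0("Unable to append the nested signature to the current signature\n"); }`. DO_EXIT_0 and the rest of main() are defined outside the hunk, so confirm the cleanup path does not already release p7 before adding the call.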
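Review bot: In pe_pkcs7_prepare the pointer stored in `ctx->options->prevsig` can alias the returned p7, because the first pe.c hunk's context shows `p7 = cursig;` for CMD_ADD and this hunk stores the same cursig whenever nest is set. If both conditions can hold, main() would nest the signature into itself, call `PKCS7_free(p7)` and then carry on with the freed options.prevsig. Whether the nest option is accepted together with the add command is decided outside this diff, and the removed code had the same shape, so a guard such as `if (ctx->options->nest && p7 != cursig)` would make the assumption explicit. The code between the two pe.c hunks is not shown.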