diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 261dc5ea7..545194f31 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -797,15 +797,15 @@ int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
                        word32 inSz)
 {
     int    length;
-    byte   b;
 
     if (GetSequence(input, inOutIdx, &length, inSz) < 0)
         return ASN_PARSE_E;
 
     key->type = RSA_PUBLIC;
-    b = input[*inOutIdx];
 
-#ifdef OPENSSL_EXTRA    
+#ifdef OPENSSL_EXTRA
+    {
+    byte b = input[*inOutIdx];
     if (b != ASN_INTEGER) {
         /* not from decoded cert, will have algo id, skip past */
         if (GetSequence(input, inOutIdx, &length, inSz) < 0)
@@ -847,7 +847,8 @@ int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key,
         
         if (GetSequence(input, inOutIdx, &length, inSz) < 0)
             return ASN_PARSE_E;
-    }
+    }  /* end if */
+    }  /* openssl var block */
 #endif /* OPENSSL_EXTRA */
 
     if (GetInt(&key->n,  input, inOutIdx, inSz) < 0 ||
diff --git a/src/ssl.c b/src/ssl.c
index 24c625651..74fb6823a 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -491,6 +491,7 @@ int AddCA(SSL_CTX* ctx, buffer der)
 
         (void)heap;
         (void)dynamicType;
+        (void)pkcs8Enc;
 
         if (type == CERT_TYPE || type == CA_TYPE)  {
             XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header));