diff --git a/src/ocsp.c b/src/ocsp.c
index efb86f37c..427c1a34c 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -608,8 +608,10 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
         XMEMCPY(derCert->buffer, issuer->derCert->buffer,
                 issuer->derCert->length);
         ret = AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
-        if (ret != WOLFSSL_SUCCESS)
+        if (ret != WOLFSSL_SUCCESS) {
+            wolfSSL_CertManagerFree(cm);
             return NULL;
+        }
     }
 
     certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
diff --git a/src/ssl.c b/src/ssl.c
index 2d68a0d4f..0593a3218 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -8531,6 +8531,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
             NO_VERIFY, NULL) < 0) {
         WOLFSSL_MSG("\tCertificate parsing failed");
         wolfSSL_X509_EXTENSION_free(ext);
+        FreeDecodedCert(&cert);
         return NULL;
     }
 
@@ -9551,6 +9552,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
             CA_TYPE,
             NO_VERIFY, NULL) < 0) {
         WOLFSSL_MSG("\tCertificate parsing failed");
+        FreeDecodedCert(&cert);
         return WOLFSSL_FATAL_ERROR;
     }
 
@@ -18296,6 +18298,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
         x509 = wolfSSL_X509_new();
         if (x509 == NULL) {
             WOLFSSL_MSG("Error Creating X509");
+            wolfSSL_sk_X509_free(sk);
             return NULL;
         }
         ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,