diff --git a/src/ssl.c b/src/ssl.c
index 44f5b7a25..1cdd8b3b2 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -18758,13 +18758,13 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         WOLFSSL_ENTER("wolfSSL_get_peer_certificate");
         if (ssl != NULL) {
             if (ssl->peerCert.issuer.sz)
-                ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap);
+                ret = wolfSSL_X509_dup(&ssl->peerCert);
 #ifdef SESSION_CERTS
             else if (ssl->session->chain.count > 0) {
                 if (DecodeToX509(&ssl->peerCert,
                         ssl->session->chain.certs[0].buffer,
                         ssl->session->chain.certs[0].length) == 0) {
-                    ret = wolfSSL_X509_dup_ex(&ssl->peerCert, ssl->heap);
+                    ret = wolfSSL_X509_dup(&ssl->peerCert);
                 }
             }
 #endif
diff --git a/src/x509.c b/src/x509.c
index 528cc5b41..4f5992d89 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -13419,7 +13419,7 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
     defined(KEEP_PEER_CERT)
-WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509 *x, void* heap)
+WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
 {
     WOLFSSL_ENTER("wolfSSL_X509_dup");
 
@@ -13434,12 +13434,7 @@ WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509 *x, void* heap)
     }
 
     return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length,
-        heap);
-}
-
-WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
-{
-    return wolfSSL_X509_dup_ex(x, NULL);
+        x->heap);
 }
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
diff --git a/src/x509_str.c b/src/x509_str.c
index 1899085be..a01906c41 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -1035,7 +1035,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
         return WOLFSSL_FAILURE;
 
     /* tmp ctx for setting our cert manager */
-    ctx = wolfSSL_CTX_new(cm_pick_method(NULL));
+    ctx = wolfSSL_CTX_new(cm_pick_method(str->cm->heap));
     if (ctx == NULL)
         return WOLFSSL_FAILURE;
 
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index c9bd3b712..6de892344 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1683,7 +1683,6 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup_ex(WOLFSSL_X509* x, void* heap);
 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)
 WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
 WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);