diff --git a/src/ssl.c b/src/ssl.c
index 928ff61da..d522311bc 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -721,6 +721,7 @@ int wolfSSL_get_ciphers(char* buf, int len)
 }
 
 
+#ifndef NO_ERROR_STRINGS
 /* places a list of all supported cipher suites in TLS_* format into "buf"
  * return WOLFSSL_SUCCESS on success */
 int wolfSSL_get_ciphers_iana(char* buf, int len)
@@ -751,6 +752,7 @@ int wolfSSL_get_ciphers_iana(char* buf, int len)
     }
     return WOLFSSL_SUCCESS;
 }
+#endif /* NO_ERROR_STRINGS */
 
 
 const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
diff --git a/tests/api.c b/tests/api.c
index b416f650f..aeb060aa1 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -4417,6 +4417,7 @@ static void test_wolfSSL_X509_verify(void)
     pt = buf;
     AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
     AssertIntEQ(wolfSSL_X509_verify(server, pkey), WOLFSSL_SUCCESS);
+    wolfSSL_EVP_PKEY_free(pkey);
 
     /* fail case */
     bufSz = 2048;
@@ -4428,6 +4429,7 @@ static void test_wolfSSL_X509_verify(void)
 
     AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
     AssertIntEQ(wolfSSL_X509_verify(server, NULL), WOLFSSL_FATAL_ERROR);
+    wolfSSL_EVP_PKEY_free(pkey);
 
     wolfSSL_FreeX509(ca);
     wolfSSL_FreeX509(server);
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 72ab8393b..c008da043 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7790,12 +7790,12 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
     Signer*       ca = NULL;
     word32        idx = 0;
     int           len;
-    word32        tbsCertIdx;
-    word32        sigIndex;
+    word32        tbsCertIdx = 0;
+    word32        sigIndex   = 0;
     word32        signatureOID;
     word32        oid;
-    word32        issuerIdx;
-    word32        issuerSz;
+    word32        issuerIdx = 0;
+    word32        issuerSz  = 0;
 #ifndef NO_SKID
     int           extLen;
     word32        extIdx;