diff --git a/examples/client/client.c b/examples/client/client.c
index 4ea65d1b2..275c92f95 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -917,11 +917,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 
 #ifdef WOLFSSL_LEANPSK
-    usePsk = 1;
+    if (!usePsk) {
+        usePsk = 1;
+    }
 #endif
 
 #if defined(NO_RSA) && !defined(HAVE_ECC)
-    usePsk = 1;
+    if (!usePsk) {
+        usePsk = 1;
+    }
 #endif
 
     if (fewerPackets)
@@ -948,7 +952,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 err_sys("client can't set cipher list 2");
         }
 #endif
-        useClientCert = 0;
+        if (useClientCert) {
+            useClientCert = 0;
+        }
     }
 
     if (useAnon) {
@@ -959,7 +965,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 err_sys("client can't set cipher list 4");
         }
 #endif
-        useClientCert = 0;
+        if (useClientCert) {
+            useClientCert = 0;
+        }
     }
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
@@ -1436,6 +1444,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         ShowMemoryTracker();
 #endif /* USE_WOLFSSL_MEMORY */
 
+    /* There are use cases  when these assignments are not read. To avoid
+     * potential confusion those warnings have been handled here.
+     */
+    (void) overrideDateErrors;
+    (void) useClientCert;
+    (void) verifyCert;
+    (void) ourCert;
+    (void) ourKey;
+
 #if !defined(WOLFSSL_TIRTOS)
     return 0;
 #endif
diff --git a/examples/server/server.c b/examples/server/server.c
index 282341803..65845dd0a 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -614,11 +614,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
             err_sys("server can't set cipher list 1");
 
 #ifdef CYASSL_LEANPSK
-    usePsk = 1;
+    if (!usePsk) {
+        usePsk = 1;
+    }
 #endif
 
 #if defined(NO_RSA) && !defined(HAVE_ECC)
-    usePsk = 1;
+    if (!usePsk) {
+        usePsk = 1;
+    }
 #endif
 
     if (fewerPackets)
@@ -971,6 +975,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     TicketCleanup();
 #endif
 
+    /* There are use cases  when these assignments are not read. To avoid
+     * potential confusion those warnings have been handled here.
+     */
+    (void) ourKey;
+    (void) verifyCert;
+    (void) doCliCertCheck;
+    (void) useNtruKey;
+    (void) ourDhParam;
+    (void) ourCert;
 #ifndef CYASSL_TIRTOS
     return 0;
 #endif
diff --git a/src/internal.c b/src/internal.c
index 19a9ee1bf..9407321da 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -8549,6 +8549,10 @@ static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
     int ret        = 0;
     int atomicUser = 0;
 
+    if (ssl == NULL || output == NULL || input == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
 #ifdef WOLFSSL_DTLS
     if (ssl->options.dtls) {
         sz       += DTLS_RECORD_EXTRA;