diff --git a/examples/client/client.c b/examples/client/client.c
index 3e79517d8..3fc2b715a 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2069,7 +2069,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     (void)resumeScr;
     (void)ourKey;
     (void)ourCert;
-    (void)customVerifyCert;
     (void)verifyCert;
     (void)useClientCert;
     (void)disableCRL;
@@ -3898,7 +3897,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
                         if (ret == WOLFSSL_SUCCESS) {
                             printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n");
-                            err = 0;
                         }
                     }
                     if (ret != WOLFSSL_SUCCESS) {
@@ -4342,6 +4340,7 @@ exit:
     (void) ourCert;
     (void) ourKey;
     (void) useVerifyCb;
+    (void) customVerifyCert;
 
 #if !defined(WOLFSSL_TIRTOS)
     return 0;
diff --git a/src/internal.c b/src/internal.c
index 750baa064..040439738 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10741,12 +10741,16 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 #endif
     }
 
-    /* store cert for potential retrieval */
-    if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, x509->heap) == 0) {
-        XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx);
-    }
-    else {
-        ret = MEMORY_E;
+    /* if der contains original source buffer then store for potential
+     * retrieval */
+    if (dCert->source != NULL && dCert->maxIdx > 0) {
+        if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, x509->heap)
+                                                                         == 0) {
+            XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx);
+        }
+        else {
+            ret = MEMORY_E;
+        }
     }
 
     x509->altNames       = dCert->altNames;
diff --git a/src/ssl.c b/src/ssl.c
index 594a391e4..f9c80e51e 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7600,7 +7600,6 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
                 if (ret != WOLFSSL_SUCCESS) {
                     WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error. Ignoring"
                             "this error.");
-                    ret = WOLFSSL_SUCCESS;
                 }
     #endif
                 successCount++;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 10e40700c..72b736bb0 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -16674,11 +16674,11 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
     #ifdef HAVE_FFDHE_4096
     #ifdef HAVE_PUBLIC_FFDHE
     ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get());
-    if (ret != 0)
-        ERROR_OUT(-8128, done);
     #else
     ret = dh_ffdhe_test(&rng, WC_FFDHE_4096);
     #endif
+    if (ret != 0)
+        ERROR_OUT(-8128, done);
     #endif
 #endif /* !WC_NO_RNG */
 #endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */