diff --git a/src/ssl.c b/src/ssl.c
index ab2a366ae..7f4dd9339 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -37284,7 +37284,7 @@ static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName)
 
             if (j >= CTC_MAX_ATTRIB) {
                 WOLFSSL_MSG("No more space left in CertName");
-                break;
+                return MEMORY_E;
             }
 
             cName->name[j].sz   = length;
@@ -48354,7 +48354,7 @@ int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s)
     if (s->length < 3) {
         return WOLFSSL_FAILURE;
     }
-    XSTRNCPY((char*)x509->serial, (char*)s->data + 2, s->length - 2);
+    XMEMCPY(x509->serial, s->data + 2, s->length - 2);
     x509->serialSz = s->length - 2;
     x509->serial[s->length] = 0;
 
diff --git a/tests/api.c b/tests/api.c
index e72585319..220898344 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -30534,7 +30534,7 @@ static void test_wolfSSL_X509_get_serialNumber(void)
     BIGNUM* bn;
     X509*   x509;
     char *serialHex;
-    byte serial[1];
+    byte serial[3];
     int  serialSz;
 
     printf(testingFmt, "wolfSSL_X509_get_serialNumber()");
@@ -30556,6 +30556,29 @@ static void test_wolfSSL_X509_get_serialNumber(void)
             WOLFSSL_SUCCESS);
     AssertIntEQ(serialSz, 1);
     AssertIntEQ(serial[0], 3);
+    ASN1_INTEGER_free(a);
+
+    /* test setting serial number with 0's in it */
+    serial[0] = 0x01;
+    serial[1] = 0x00;
+    serial[2] = 0x02;
+
+    AssertNotNull(a = wolfSSL_ASN1_INTEGER_new());
+    a->data[0] = ASN_INTEGER;
+    a->data[1] = sizeof(serial);
+    XMEMCPY(&a->data[2], serial, sizeof(serial));
+    a->length = sizeof(serial) + 2;
+    AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
+
+    XMEMSET(serial, 0, sizeof(serial));
+    serialSz = sizeof(serial);
+    AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
+            WOLFSSL_SUCCESS);
+    AssertIntEQ(serialSz, 3);
+    AssertIntEQ(serial[0], 0x01);
+    AssertIntEQ(serial[1], 0x00);
+    AssertIntEQ(serial[2], 0x02);
+    ASN1_INTEGER_free(a);
 
     X509_free(x509); /* free's a */
 
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index b4bb58971..b38eac94f 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -6644,13 +6644,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap)
 #else
         ret = wc_InitRng(&pkey->rng);
 #endif
+        pkey->references = 1;
+        wc_InitMutex(&pkey->refMutex); /* init of mutex needs to come before
+                                        * wolfSSL_EVP_PKEY_free */
         if (ret != 0){
             wolfSSL_EVP_PKEY_free(pkey);
             WOLFSSL_MSG("memory failure");
             return NULL;
         }
-        pkey->references = 1;
-        wc_InitMutex(&pkey->refMutex);
     }
     else {
         WOLFSSL_MSG("memory failure");