diff --git a/libfreerdp/core/rdstls.c b/libfreerdp/core/rdstls.c
index babf1757e..32335f56d 100644
--- a/libfreerdp/core/rdstls.c
+++ b/libfreerdp/core/rdstls.c
@@ -567,7 +567,7 @@ static BOOL rdstls_process_authentication_response(rdpRdstls* rdstls, wStream* s
 		WLog_Print(rdstls->log, WLOG_ERROR, "resultCode: %s [0x%08" PRIX32 "]",
 		           rdstls_result_code_str(resultCode), resultCode);
 
-		UINT32 error;
+		UINT32 error = ERROR_INTERNAL_ERROR;
 		switch (resultCode)
 		{
 			case RDSTLS_RESULT_ACCESS_DENIED:
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index 29e2f98ed..8a64092ea 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -1311,8 +1311,8 @@ static BOOL is_accepted(rdpTls* tls, const rdpCertificate* cert)
 	rdpSettings* settings = tls->context->settings;
 	WINPR_ASSERT(settings);
 
-	FreeRDP_Settings_Keys_String keyAccepted;
-	FreeRDP_Settings_Keys_UInt32 keyLength;
+	FreeRDP_Settings_Keys_String keyAccepted = FreeRDP_AcceptedCert;
+	FreeRDP_Settings_Keys_UInt32 keyLength = FreeRDP_AcceptedCertLength;
 
 	if (tls->isGatewayTransport)
 	{
@@ -1324,11 +1324,6 @@ static BOOL is_accepted(rdpTls* tls, const rdpCertificate* cert)
 		keyAccepted = FreeRDP_RedirectionAcceptedCert;
 		keyLength = FreeRDP_RedirectionAcceptedCertLength;
 	}
-	else
-	{
-		keyAccepted = FreeRDP_AcceptedCert;
-		keyLength = FreeRDP_AcceptedCertLength;
-	}
 
 	const char* AcceptedKey = freerdp_settings_get_string(settings, keyAccepted);
 	const UINT32 AcceptedKeyLength = freerdp_settings_get_uint32(settings, keyLength);
diff --git a/libfreerdp/crypto/x509_utils.c b/libfreerdp/crypto/x509_utils.c
index 303a689ce..05c5892d7 100644
--- a/libfreerdp/crypto/x509_utils.c
+++ b/libfreerdp/crypto/x509_utils.c
@@ -478,7 +478,7 @@ char* x509_utils_get_date(const X509* x509, BOOL startDate)
 	char* str = NULL;
 	if (ASN1_TIME_print(bmem, date))
 	{
-		BUF_MEM* bptr;
+		BUF_MEM* bptr = NULL;
 
 		BIO_get_mem_ptr(bmem, &bptr);
 		str = strndup(bptr->data, bptr->length);