diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 8a72490fc9..6a6af8a79e 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -2405,7 +2405,7 @@ ssl_privkey_to_sexp(struct gnutls_x509_privkey_int* priv_key)
 {
     gnutls_datum_t rsa_datum[RSA_PARS]; /* m, e, d, p, q, u */
     size_t tmp_size;
-    gcry_sexp_t rsa_priv_key;
+    gcry_sexp_t rsa_priv_key = NULL;
     gint major, minor, patch;
     gint i, p_idx, q_idx;
     int ret;
@@ -2486,7 +2486,7 @@ ssl_privkey_to_sexp(struct gnutls_x509_privkey_int* priv_key)
         return NULL;
     }
 
-#if SSL_FAST
+#ifdef SSL_FAST
     return rsa_params;
 #else
     for (i=0; i< 6; i++)
@@ -2508,10 +2508,7 @@ ssl_load_key(FILE* fp)
     gint size;
     guint bytes;
 
-    Ssl_private_key_t *private_key = g_malloc(sizeof(Ssl_private_key_t));
-    private_key->x509_cert = 0;
-    private_key->x509_pkey = 0;
-    private_key->sexp_pkey = 0;
+    Ssl_private_key_t *private_key = g_malloc0(sizeof(Ssl_private_key_t));
 
     /* init private key data*/
     gnutls_x509_privkey_init(&priv_key);
@@ -2601,10 +2598,7 @@ ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd) {
     gnutls_x509_crt_t     ssl_cert = NULL;
     gnutls_x509_privkey_t ssl_pkey = NULL;
 
-    Ssl_private_key_t *private_key = g_malloc(sizeof(Ssl_private_key_t));
-    private_key->x509_cert = 0;
-    private_key->x509_pkey = 0;
-    private_key->sexp_pkey = 0;
+    Ssl_private_key_t *private_key = g_malloc0(sizeof(Ssl_private_key_t));
 
     rest = 4096;
     data.data = g_malloc(rest);
@@ -2747,7 +2741,7 @@ ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd) {
 
 void ssl_free_key(Ssl_private_key_t* key)
 {
-#if SSL_FAST
+#ifdef SSL_FAST
     gint i;
     for (i=0; i< 6; i++)
         gcry_mpi_release(key->sexp_pkey[i]);
@@ -3252,19 +3246,6 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
         return;
     }
 
-    if ((gint)strlen(uats->password) == 0) {
-         private_key = ssl_load_key(fp);
-    } else {
-        private_key = ssl_load_pkcs12(fp, uats->password);
-    }
-
-    fclose(fp);
-
-    if (!private_key) {
-        fprintf(stderr,"Can't load private key from %s\n", uats->keyfile);
-        return;
-    }
-
     for (at = 0; at < 2; at++) {
         memset(addr_data, 0, sizeof(addr_data));
         addr_len = 0;
@@ -3289,6 +3270,18 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
             continue;
         }
 
+        if ((gint)strlen(uats->password) == 0) {
+            private_key = ssl_load_key(fp);
+        } else {
+            private_key = ssl_load_pkcs12(fp, uats->password);
+        }
+
+        if (!private_key) {
+            fprintf(stderr,"Can't load private key from %s\n", uats->keyfile);
+            fclose(fp);
+            return;
+        }
+
         service = g_malloc(sizeof(SslService) + addr_len);
         service->addr.type = addr_type[at];
         service->addr.len = addr_len;
@@ -3318,6 +3311,8 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
 
         ssl_association_add(associations, handle, service->port, uats->protocol, tcp, TRUE);
     }
+
+    fclose(fp);
 }
 
 /* store master secret into session data cache */