diff --git a/configure.ac b/configure.ac
index d851731cf..ca1f24783 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([cyassl],[2.8.4],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
+AC_INIT([cyassl],[2.8.5],[https://github.com/cyassl/cyassl/issues],[cyassl],[http://www.yassl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -311,14 +311,14 @@ fi
 
 # SNIFFER
 AC_ARG_ENABLE([sniffer],
-              [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[
-               AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[ 
-                      ENABLED_SNIFFER=yes 
-                      AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
-                      ],[ ENABLED_SNIFFER=no ]) ])
-               ],[
-                  ENABLED_SNIFFER=no
-                  ])
+   [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[
+   AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[ 
+       ENABLED_SNIFFER=yes 
+       AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
+   ],[ AC_MSG_ERROR([cannot enable sniffer without having libpcap available.]) ]) ])
+   ],[
+       ENABLED_SNIFFER=no
+   ])
 
 AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
 
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index f19ce79b0..8b4463229 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -2646,6 +2646,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
             CYASSL_MSG("Verify Signautre has unsupported type");
             return 0;
     }
+    (void)typeH;  /* some builds won't read */
 
     switch (keyOID) {
     #ifndef NO_RSA
@@ -3339,6 +3340,7 @@ static void DecodeCertExtensions(DecodedCert* cert)
         }
         idx += length;
     }
+    (void)critical;
 
     CYASSL_LEAVE("DecodeCertExtensions", 0);
     return;
diff --git a/cyassl/version.h b/cyassl/version.h
index bac8ec1d4..96207f8fa 100644
--- a/cyassl/version.h
+++ b/cyassl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBCYASSL_VERSION_STRING "2.8.4"
-#define LIBCYASSL_VERSION_HEX 0x02008004
+#define LIBCYASSL_VERSION_STRING "2.8.5"
+#define LIBCYASSL_VERSION_HEX 0x02008005
 
 #ifdef __cplusplus
 }
diff --git a/src/internal.c b/src/internal.c
index dfb4a79b8..e36fb4aec 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -635,8 +635,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
     if (suites->setSuites)
         return;      /* trust user settings, don't override */
 
-    if (side == CYASSL_SERVER_END && haveStaticECC)
+    if (side == CYASSL_SERVER_END && haveStaticECC) {
         haveRSA = 0;   /* can't do RSA with ECDSA key */
+        (void)haveRSA; /* some builds won't read */
+    }
 
     if (side == CYASSL_SERVER_END && haveECDSAsig) {
         haveRSAsig = 0;     /* can't have RSA sig if signed by ECDSA */
@@ -1636,6 +1638,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
         CYASSL_MSG("Arrays Memory error");
         return MEMORY_E;
     }
+    XMEMSET(ssl->arrays, 0, sizeof(Arrays));
 
 #ifndef NO_PSK
     ssl->arrays->client_identity[0] = 0;
@@ -8117,7 +8120,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
             case ecc_diffie_hellman_kea:
                 {
                     ecc_key  myKey;
-                    ecc_key* peerKey = &myKey;
+                    ecc_key* peerKey = NULL;
                     word32   size = sizeof(encSecret);
 
                     if (ssl->specs.static_ecdh) {
@@ -8132,6 +8135,9 @@ static void PickHashSigAlgo(CYASSL* ssl,
                         peerKey = ssl->peerEccKey;
                     }
 
+                    if (peerKey == NULL)
+                        return NO_PEER_KEY;
+
                     ecc_init(&myKey);
                     ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
                     if (ret != 0)
diff --git a/src/sniffer.c b/src/sniffer.c
index 7eb272f87..8e0bff995 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -417,6 +417,13 @@ void ssl_FreeSniffer(void)
 
     FreeMutex(&SessionMutex);
     FreeMutex(&ServerListMutex);
+
+    if (TraceFile) {
+        TraceOn = 0;
+        fclose(TraceFile);
+        TraceFile = NULL;
+    }
+
     CyaSSL_Cleanup();
 }
 
diff --git a/src/ssl.c b/src/ssl.c
index d9a3950ab..49f8d5f9d 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1730,6 +1730,7 @@ int CyaSSL_Init(void)
         der.buffer    = 0;
 
         (void)dynamicType;
+        (void)rsaKey;
 
         if (used)
             *used = sz;     /* used bytes default to sz, PEM chain may shorten*/
@@ -1980,7 +1981,8 @@ int CyaSSL_Init(void)
                 }
                 ecc_free(&key);
                 eccKey = 1;
-                ctx->haveStaticECC = 1;
+                if (ctx)
+                    ctx->haveStaticECC = 1;
                 if (ssl)
                     ssl->options.haveStaticECC = 1;
             }
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 7d5a7561e..2570a65bc 100755
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -69,18 +69,25 @@ enum {
 };
 
 
-pcap_t* pcap = 0;
-pcap_if_t *alldevs;
+pcap_t* pcap = NULL;
+pcap_if_t* alldevs = NULL;
+
+
+static void FreeAll(void)
+{
+    if (pcap)
+        pcap_close(pcap);
+    if (alldevs)
+        pcap_freealldevs(alldevs);
+#ifndef _WIN32
+    ssl_FreeSniffer();
+#endif
+}
 
 static void sig_handler(const int sig) 
 {
     printf("SIGINT handled = %d.\n", sig);
-    if (pcap)
-        pcap_close(pcap);
-	pcap_freealldevs(alldevs);
-#ifndef _WIN32
-    ssl_FreeSniffer();
-#endif
+    FreeAll();
     if (sig)
         exit(EXIT_SUCCESS);
 }
@@ -286,6 +293,7 @@ int main(int argc, char** argv)
         else if (saveFile)
             break;      /* we're done reading file */
     }
+    FreeAll();
 
     return EXIT_SUCCESS;
 }