diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index a1879fd40..113f72440 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -95,7 +95,7 @@ int ssl_cache_get( void *data, ssl_session *session )
             if( session->peer_cert == NULL )
                 return( 1 );
 
-            memset( session->peer_cert, 0, sizeof(x509_crt) );
+            x509_crt_init( session->peer_cert );
             if( x509_crt_parse( session->peer_cert, entry->peer_cert.p,
                                 entry->peer_cert.len ) != 0 )
             {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 04732f0bc..bce3d4ee4 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -140,7 +140,7 @@ static int ssl_load_session( ssl_session *session,
         if( session->peer_cert == NULL )
             return( POLARSSL_ERR_SSL_MALLOC_FAILED );
 
-        memset( session->peer_cert, 0, sizeof( x509_crt ) );
+        x509_crt_init( session->peer_cert );
 
         if( ( ret = x509_crt_parse( session->peer_cert, p, cert_len ) ) != 0 )
         {
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 66f26c7f8..c19536bd6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -83,7 +83,7 @@ static int ssl_session_copy( ssl_session *dst, const ssl_session *src )
         if( ( dst->peer_cert = polarssl_malloc( sizeof(x509_crt) ) ) == NULL )
             return( POLARSSL_ERR_SSL_MALLOC_FAILED );
 
-        memset( dst->peer_cert, 0, sizeof(x509_crt) );
+        x509_crt_init( dst->peer_cert );
 
         if( ( ret = x509_crt_parse( dst->peer_cert, src->peer_cert->raw.p,
                                     src->peer_cert->raw.len ) != 0 ) )
@@ -2494,7 +2494,7 @@ int ssl_parse_certificate( ssl_context *ssl )
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }
 
-    memset( ssl->session_negotiate->peer_cert, 0, sizeof( x509_crt ) );
+    x509_crt_init( ssl->session_negotiate->peer_cert );
 
     i = 7;
 
diff --git a/library/x509.c b/library/x509.c
index 2f9f5e417..677760e6c 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -708,7 +708,7 @@ int x509_self_test( int verbose )
     if( verbose != 0 )
         printf( "  X.509 certificate load: " );
 
-    memset( &clicert, 0, sizeof( x509_crt ) );
+    x509_crt_init( &clicert );
 
     ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
                           strlen( test_cli_crt ) );
@@ -720,7 +720,7 @@ int x509_self_test( int verbose )
         return( ret );
     }
 
-    memset( &cacert, 0, sizeof( x509_crt ) );
+    x509_crt_init( &cacert );
 
     ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
                           strlen( test_ca_crt ) );