diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index 93d8bc856..ddb67fcf0 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -905,8 +905,8 @@ ossl_ocspbres_get_status(VALUE self)
     int count = OCSP_resp_count(bs);
     for (int i = 0; i < count; i++) {
         OCSP_SINGLERESP *single = OCSP_resp_get0(bs, i);
-        ASN1_TIME *revtime, *thisupd, *nextupd;
-        int reason;
+        ASN1_TIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
+        int reason = -1;
 
         int status = OCSP_single_get0_status(single, &reason, &revtime, &thisupd, &nextupd);
         if (status < 0)
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index 6e51fd42b..ae0d35b72 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -1010,7 +1010,7 @@ static VALUE
 ossl_pkcs7si_get_signed_time(VALUE self)
 {
     PKCS7_SIGNER_INFO *p7si;
-    ASN1_TYPE *asn1obj;
+    const ASN1_TYPE *asn1obj;
 
     GetPKCS7si(self, p7si);
 
diff --git a/test/openssl/test_ocsp.rb b/test/openssl/test_ocsp.rb
index b9b66ad37..c43ff5cb5 100644
--- a/test/openssl/test_ocsp.rb
+++ b/test/openssl/test_ocsp.rb
@@ -215,6 +215,35 @@ def test_basic_response_dup
     assert_equal bres.to_der, bres.dup.to_der
   end
 
+  def test_basic_response_status_good
+    bres = OpenSSL::OCSP::BasicResponse.new
+    cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest.new('SHA1'))
+    bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, nil)
+    bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert])
+
+    statuses = bres.status
+    assert_equal 1, statuses.size
+    status = statuses[0]
+    assert_equal cid.to_der, status[0].to_der
+    assert_equal OpenSSL::OCSP::V_CERTSTATUS_GOOD, status[1]
+    assert_nil status[3] # revtime should be nil for GOOD status
+  end
+
+  def test_basic_response_status_revoked
+    bres = OpenSSL::OCSP::BasicResponse.new
+    now = Time.at(Time.now.to_i)
+    cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest.new('SHA1'))
+    bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_REVOKED,
+                    OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED, now - 400, -300, nil, nil)
+    bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert])
+
+    statuses = bres.status
+    assert_equal 1, statuses.size
+    status = statuses[0]
+    assert_equal OpenSSL::OCSP::V_CERTSTATUS_REVOKED, status[1]
+    assert_equal now - 400, status[3] # revtime should be the revocation time
+  end
+
   def test_basic_response_response_operations
     bres = OpenSSL::OCSP::BasicResponse.new
     now = Time.at(Time.now.to_i)