diff --git a/src/config.c b/src/config.c
index 8466faa2aeb018cb357bc8c387da4f11afdb8398..f20af0a2718249ea865fde22d725d1f39b8ef947 100644
--- a/src/config.c
+++ b/src/config.c
@@ -204,6 +204,13 @@ int load_config(struct vpn_config *cfg, const char *filename)
 			if (add_trusted_cert(cfg, val))
 				log_warn("Could not add certificate digest to "
 				         "whitelist.\n");
+
+		} else if (strcmp(key, "ca-file") == 0) {
+			cfg->ca_file = strdup(val);
+		} else if (strcmp(key, "user-cert") == 0) {
+			cfg->user_cert = strdup(val);
+		} else if (strcmp(key, "user-key") == 0) {
+			cfg->user_key = strdup(val);
 		} else {
 			log_warn("Bad key in config file: \"%s\".\n", key);
 			goto err_free;
diff --git a/src/config.h b/src/config.h
index 4c35f63c0d02b2bd96b41a4e9953ec09c6e60a19..2d6fa4f10d0b7d6c65e9c801a8e16a152a6a8fba 100644
--- a/src/config.h
+++ b/src/config.h
@@ -95,7 +95,10 @@ struct vpn_config {
 		struct x509_digest *tmp = (cfg)->cert_whitelist->next; \
 		free((cfg)->cert_whitelist); \
 		(cfg)->cert_whitelist = tmp; \
-	}
+	} \
+	free((cfg)->ca_file); \
+	free((cfg)->user_cert); \
+	free((cfg)->user_key);
 
 int add_trusted_cert(struct vpn_config *cfg, const char *digest);
 
diff --git a/src/main.c b/src/main.c
index 88ea109d560833b6fc2359b6f1ee38314a8a2f94..f16e526ad31a5c2b8eb917fa6277e28921685c8b 100644
--- a/src/main.c
+++ b/src/main.c
@@ -169,17 +169,17 @@ int main(int argc, char **argv)
 			}
 			if (strcmp(long_options[option_index].name,
 			           "ca-file") == 0) {
-				cfg.ca_file = optarg;
+				cfg.ca_file = strdup(optarg);
 				break;
 			}
 			if (strcmp(long_options[option_index].name,
 			           "user-cert") == 0) {
-				cfg.user_cert = optarg;
+				cfg.user_cert = strdup(optarg);
 				break;
 			}
 			if (strcmp(long_options[option_index].name,
 			           "user-key") == 0) {
-				cfg.user_key = optarg;
+				cfg.user_key = strdup(optarg);
 				break;
 			}
 			if (strcmp(long_options[option_index].name,