avoid GC untrack if we haven't yet GC tracked
diff --git a/src/crypto/pkcs12.c b/src/crypto/pkcs12.c
index 2f6f944..2302242 100644
--- a/src/crypto/pkcs12.c
+++ b/src/crypto/pkcs12.c
@@ -20,6 +20,7 @@
  */
 
 static void crypto_PKCS12_dealloc(crypto_PKCS12Obj *self);
+static int crypto_PKCS12_clear(crypto_PKCS12Obj *self);
 
 static char crypto_PKCS12_get_certificate_doc[] = "\n\
 Return certificate portion of the PKCS12 structure\n\
@@ -414,7 +415,10 @@
 
 error:
     sk_X509_free(cacerts); /* NULL safe. Free just the container. */
-    crypto_PKCS12_dealloc(self);
+    if (self) {
+        crypto_PKCS12_clear(self);
+        PyObject_GC_Del(self);
+    }
     return NULL;
 }
 
diff --git a/test/test_crypto.py b/test/test_crypto.py
index c98a844..9aedea8 100644
--- a/test/test_crypto.py
+++ b/test/test_crypto.py
@@ -1227,9 +1227,7 @@
         passwd = 'Lake Michigan'
         p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
         dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
-        # Unfortunately, we can't load the dumped PKCS12 back into memory
-        # because PKCS12_parse doesn't work on such PKCS12 data.
-        p12 = load_pkcs12(dumped_p12, passwd)
+        self.assertRaises(Error, load_pkcs12, dumped_p12, passwd)
 
 
     def test_zero_len_list_for_ca(self):