diff --git a/src/NetworkOptions.jl b/src/NetworkOptions.jl
index 87a82e1..184d63d 100644
--- a/src/NetworkOptions.jl
+++ b/src/NetworkOptions.jl
@@ -4,4 +4,10 @@ include("ca_roots.jl")
 include("ssh_options.jl")
 include("verify_host.jl")
 
+function __init__()
+    SYSTEM_CA_ROOTS[] = nothing
+    BUNDLED_KNOWN_HOSTS_FILE[] = nothing
+    empty!(ENV_HOST_PATTERN_CACHE)
+end
+
 end # module
diff --git a/src/ca_roots.jl b/src/ca_roots.jl
index 653c73a..e39e173 100644
--- a/src/ca_roots.jl
+++ b/src/ca_roots.jl
@@ -74,7 +74,7 @@ const BSD_CA_ROOTS = [
 ]
 
 const SYSTEM_CA_ROOTS_LOCK = ReentrantLock()
-const SYSTEM_CA_ROOTS = Ref{String}()
+const SYSTEM_CA_ROOTS = Ref{Union{Nothing, String}}(nothing)
 
 const BEGIN_CERT_REGULAR = "-----BEGIN CERTIFICATE-----"
 const BEGIN_CERT_OPENSSL = "-----BEGIN TRUSTED CERTIFICATE-----"
@@ -84,7 +84,7 @@ NetworkOptions could only find OpenSSL-specific TLS certificates which cannot be
 
 function system_ca_roots()
     lock(SYSTEM_CA_ROOTS_LOCK) do
-        isassigned(SYSTEM_CA_ROOTS) && return # from lock()
+        SYSTEM_CA_ROOTS[] !== nothing && return # from lock()
         search_path = Sys.islinux() ? LINUX_CA_ROOTS :
             Sys.isbsd() && !Sys.isapple() ? BSD_CA_ROOTS : String[]
         openssl_only = false
diff --git a/src/ssh_options.jl b/src/ssh_options.jl
index d1f59e0..aa9be12 100644
--- a/src/ssh_options.jl
+++ b/src/ssh_options.jl
@@ -160,13 +160,6 @@ function bundled_known_hosts()
     end
 end
 
-function __init__()
-    # Reset in case we serialized a value here.
-    lock(BUNDLED_KNOWN_HOSTS_LOCK) do
-        BUNDLED_KNOWN_HOSTS_FILE[] = nothing
-    end
-end
-
 const BUNDLED_KNOWN_HOSTS = """
 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl