1 files changed, 13 insertions, 10 deletions

diff --git a/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp b/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
index a328e49c13..a721918f57 100644
--- a/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
+++ b/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
@@ -336,16 +336,19 @@ std::string SslSocket::getClientAuthId() const
     std::string authId;
     CERTCertificate* cert = SSL_PeerCertificate(nssSocket);
     if (cert) {
-        authId = CERT_GetCommonName(&(cert->subject));
-        /*
-         * The NSS function CERT_GetDomainComponentName only returns
-         * the last component of the domain name, so we have to parse
-         * the subject manually to extract the full domain.
-         */
-        std::string domain = getDomainFromSubject(cert->subjectName);
-        if (!domain.empty()) {
-            authId += DOMAIN_SEPARATOR;
-            authId += domain;
+        char *cn = CERT_GetCommonName(&(cert->subject));
+        if (cn) {
+            authId = std::string(cn);
+            /*
+             * The NSS function CERT_GetDomainComponentName only returns
+             * the last component of the domain name, so we have to parse
+             * the subject manually to extract the full domain.
+             */
+            std::string domain = getDomainFromSubject(cert->subjectName);
+            if (!domain.empty()) {
+                authId += DOMAIN_SEPARATOR;
+                authId += domain;
+            }
         }
         CERT_DestroyCertificate(cert);
     }