diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 40d117b..6cb04ee 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -202,8 +202,8 @@
     X509_NAME_ENTRY *x509ne = NULL;
     ASN1_STRING *asn1 = NULL;
     unsigned char *buf = NULL;
-    ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0);
 
+    ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0);
     if (field_name_obj == NULL)
     {
         msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name);
@@ -244,11 +244,9 @@
 
     strncpynt(out, (char *)buf, size);
 
-    {
-        const result_t ret = (strlen((char *)buf) < size) ? SUCCESS : FAILURE;
-        OPENSSL_free(buf);
-        return ret;
-    }
+    const result_t ret = (strlen((char *)buf) < size) ? SUCCESS : FAILURE;
+    OPENSSL_free(buf);
+    return ret;
 }
 
 result_t
@@ -278,12 +276,21 @@
     }
     else
 #endif /* ifdef ENABLE_X509ALTUSERNAME */
+    {
+        X509_NAME *x509_subject_name = X509_get_subject_name(peer_cert);
+        if (x509_subject_name == NULL)
+        {
+            msg(D_TLS_ERRORS, "X509 subject name is NULL");
+            return FAILURE;
+        }
+
         if (FAILURE
-            == extract_x509_field_ssl(X509_get_subject_name(peer_cert), x509_username_field,
+            == extract_x509_field_ssl(x509_subject_name, x509_username_field,
                                       common_name, cn_len))
         {
             return FAILURE;
         }
+    }
 
     return SUCCESS;
 }