diff --git a/configure.ac b/configure.ac
index edc7549f5..38b2f4bea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -428,7 +428,7 @@ AC_ARG_ENABLE(bump,
 if test "$ENABLED_BUMP" = "yes"
 then
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN"
+ AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DOPENSSL_EXTRA"
 fi
 # ECC
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 16d901149..1503c8571 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -932,6 +932,7 @@ struct CYASSL_X509 {
 CYASSL_X509_NAME subject;
 int serialSz;
 byte serial[EXTERNAL_SERIAL_SIZE];
+ char subjectCN[ASN_NAME_MAX]; /* common name short cut */
 };
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 76793eeeb..f738a6c94 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -658,6 +658,7 @@ CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
 unsigned char* buffer, int inLen, int* outLen);
 CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s);
 CYASSL_API int CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*);
+CYASSL_API char* CyaSSL_X509_get_subjectCN(CYASSL_X509*);
 /* connect enough to get peer cert */
 CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
diff --git a/src/internal.c b/src/internal.c
index d3c61ca71..776fc6c03 100644
--- a/src/internal.c
+++ b/src/internal.c
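Review bot: The new prototype `CyaSSL_X509_get_subjectCN` in cyassl/ssl.h says nothing about ownership, while the implementation in src/ssl.c returns the address of the `subjectCN` array inside the `CYASSL_X509`. The string therefore must not be freed and is valid only as long as that object is. A comment on the declaration would carry this: `/* returns internal NUL-terminated CN (empty if unavailable), NULL if x509 is NULL; do not free */`. Returning `const char*` would let the compiler enforce the read-only part, if that is acceptable for the compatibility layer.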
@@ -1548,10 +1548,21 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
 XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
 ssl->peerCert.serialSz = dCert.serialSz;
+ if (dCert.subjectCNLen < ASN_NAME_MAX) {
+ XMEMCPY(ssl->peerCert.subjectCN,dCert.subjectCN,dCert.subjectCNLen);
+ ssl->peerCert.subjectCN[dCert.subjectCNLen] = '\0';
+ }
+ else
+ ssl->peerCert.subjectCN[0] = '\0';
 #endif
- XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);
- domain[dCert.subjectCNLen] = '\0';
+ /* store for callback use */
+ if (dCert.subjectCNLen < ASN_NAME_MAX) {
+ XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);
+ domain[dCert.subjectCNLen] = '\0';
+ }
+ else
+ domain[0] = '\0';
 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer)
 if (XSTRNCMP((char*)ssl->buffers.domainName.buffer,
diff --git a/src/ssl.c b/src/ssl.c
index caafd8ffe..0cfc57b5f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3792,7 +3792,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
 }
-
 int CyaSSL_ASN1_TIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_TIME* asnTime)
 {
 (void)bio;
@@ -4146,6 +4145,14 @@ int CyaSSL_set_compression(CYASSL* ssl)
 return 0;
 }
+ char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509)
+ {
+ if (x509 == NULL)
+ return NULL;
+
+ return x509->subjectCN;
+ }
+
 #endif /* OPENSSL_EXTRA */
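Review bot: The added guard in DoCertificate bounds `dCert.subjectCNLen` from above only, and only against `ASN_NAME_MAX`, so it protects `domain` just as far as that buffer holds at least `ASN_NAME_MAX` bytes and the length can never be negative; neither declaration is visible in this hunk. If `domain` is a local array and the length is a signed int, `if (dCert.subjectCNLen >= 0 && dCert.subjectCNLen < (int)sizeof(domain))` states the invariant directly. An over-long CN now silently becomes an empty string in both places, so the `else` branches deserve a comment such as `/* CN does not fit: leave empty, the domain check below must then fail */`. The XSTRNCMP that follows is cut off at the end of the hunk and should be confirmed to reject an empty `domain`. The same copy-and-terminate sequence appears twice and could share one helper.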
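Review bot: `CyaSSL_X509_get_subjectCN` in src/ssl.c hands back the CN as a bare `char*` with no length, so a caller cannot tell a CN that contains an embedded NUL byte from the shorter string it reads up to that byte. DoCertificate copies `subjectCNLen` raw bytes into `subjectCN`, and whether the certificate parser rejects NUL bytes inside the CN is not visible in this diff. Either confirm that it does, or have the copy treat a CN whose string length differs from `subjectCNLen` as invalid and store the empty string, as the over-long case already does. A comment on the getter, `/* CN is compared as a C string by callers; embedded NULs must be rejected before it is stored */`, would record the assumption.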