From 9b082bf7162d764ec9ca83969a7a3a66032d39c5 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Fri, 30 Sep 2011 00:41:13 -0700
Subject: [PATCH] ITS#7051 fix GNUtls cert dn parse

---
 libraries/libldap/tls_g.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index 5a5cf658ed..17aca4c359 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -530,9 +530,11 @@ tlsg_x509_cert_dn( struct berval *cert, struct berval *dn, int get_subject )
 	ber_init2( ber, cert, LBER_USE_DER );
 	tag = ber_skip_tag( ber, &len );	/* Sequence */
 	tag = ber_skip_tag( ber, &len );	/* Sequence */
-	tag = ber_skip_tag( ber, &len );	/* Context + Constructed (version) */
-	if ( tag == 0xa0 )	/* Version is optional */
+	tag = ber_peek_tag( ber, &len );	/* Context + Constructed (version) */
+	if ( tag == 0xa0 ) {	/* Version is optional */
+		tag = ber_skip_tag( ber, &len );
 		tag = ber_get_int( ber, &i );	/* Int: Version */
+	}
 	tag = ber_skip_tag( ber, &len );	/* Int: Serial (can be longer than ber_int_t) */
 	ber_skip_data( ber, len );
 	tag = ber_skip_tag( ber, &len );	/* Sequence: Signature */
-- 
2.39.5