From 0a89d5c94f50b1e863c27c8d54a2002930bfa167 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Wed, 11 Jun 2025 09:06:41 +0200
Subject: [PATCH] Some cert need 5 lines to reach the CN

---
 testssl.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index be0d7df..1d133cc 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10121,9 +10121,9 @@ certificate_info() {
                expok="OK"
           fi
           out " ($enddate). "
-          # Match on Subject/Issuer plus next 4 lines, there should be the CN
-          cn="$(awk '/Subject:/{stop=NR+4}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')"
-          issuer_CN="$(awk '/Issuer:/{stop=NR+4}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')"
+          # Match Subject/Issuer on next 5 lines, where the CN is (4 lines is fine in most cases, 5 should suffice for all certs)
+          cn="$(awk '/Subject:/{stop=NR+5}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')"
+          issuer_CN="$(awk '/Issuer:/{stop=NR+5}; NR<=stop' <<< "${intermediate_certs_txt[i]}" | awk -F= '/CN/ { print $NF }')"
           # to catch errors like #2789 during unit test:
           [[ -z "$cn" ]] && cn="FIXME: cn error"
           [[ -z "$issuer_CN" ]] && issuer_CN="FIXME: issuer_CN error"