diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 658b09988d..de3ebb344f 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -584,39 +584,38 @@ aloop:
 char *peer_dn;
 BIO *bio = NULL;
 BUF_MEM *bio_buf = NULL;
+ char *peer_cn;
 len = X509_NAME_get_text_by_NID(x509name, NID_commonName, NULL, 0);
- if (len != -1)
- {
- char *peer_cn;
-
- peer_cn = MemoryContextAlloc(TopMemoryContext, len + 1);
- r = X509_NAME_get_text_by_NID(x509name, NID_commonName, peer_cn,
- len + 1);
- peer_cn[len] = '\0';
- if (r != len)
- {
- /* shouldn't happen */
- pfree(peer_cn);
- return -1;
- }
+ if (len == -1)
+ return -1;
- /*
- * Reject embedded NULLs in certificate common name to prevent
- * attacks like CVE-2009-4034.
- */
- if (len != strlen(peer_cn))
- {
- ereport(COMMERROR,
- (errcode(ERRCODE_PROTOCOL_VIOLATION),
- errmsg("SSL certificate's common name contains embedded null")));
- pfree(peer_cn);
- return -1;
- }
+ peer_cn = MemoryContextAlloc(TopMemoryContext, len + 1);
+ r = X509_NAME_get_text_by_NID(x509name, NID_commonName, peer_cn,
+ len + 1);
+ peer_cn[len] = '\0';
+ if (r != len)
+ {
+ /* shouldn't happen */
+ pfree(peer_cn);
+ return -1;
+ }
- port->peer_cn = peer_cn;
+ /*
+ * Reject embedded NULLs in certificate common name to prevent
+ * attacks like CVE-2009-4034.
+ */
+ if (len != strlen(peer_cn))
+ {
+ ereport(COMMERROR,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("SSL certificate's common name contains embedded null")));
+ pfree(peer_cn);
+ return -1;
 }
+ port->peer_cn = peer_cn;
+
 bio = BIO_new(BIO_s_mem());
 if (!bio)
 {
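Review bot: The new `if (len == -1) return -1;` turns a peer certificate with no commonName from "peer_cn stays unset" into a failed connection setup, and it fails without logging anything, unlike the embedded-null path just below, which reports COMMERROR. Because the return sits ahead of the `BIO_new` code that fills `peer_dn`, a certificate that identifies its holder only through the distinguished name is now rejected before the DN is ever read. If that rejection is intended, make it visible to the operator with something like `ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("SSL certificate has no common name")));` before the return, and add a comment saying why a CN is mandatory. If it is not intended, keep the old `if (len != -1)` guard around the CN block. The enclosing function starts and ends outside the hunk, so how the caller treats -1, and whether anything acquired earlier needs releasing on this new path, cannot be confirmed from here.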