diff --git a/CHANGES b/CHANGES
index d88a36de22e9dfbc8e3c02e2add229caff47cc63..09326c49840ed11523b0bbe0e3a229418cac2918 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.16 Engineering
+	Fixed libldap segfault in checking cert/DN (ITS#5976)
 
 OpenLDAP 2.4.15 Release (2009/02/24)
 	Fixed libldap alias dereferencing in C API again (ITS#5916)
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index ff2a2d2b52ba8733d9eecb3ca17ac0066fd09432..69e6f609e84197420021f933f8d217553a11deda 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -872,8 +872,9 @@ ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func,
 	struct berval der_dn;
 	int rc;
 
-	tls_imp->ti_session_my_dn( session, &der_dn );
-	rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
+	rc = tls_imp->ti_session_my_dn( session, &der_dn );
+	if ( rc == LDAP_SUCCESS )
+		rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
 	return rc;
 }
 #endif /* HAVE_TLS */