@@ -804,6 +804,20 @@ string_mod_const (const char *str,

     return NULL;

 }

+void

+string_replace_leading (char *str, const char match, const char replace)

+{

+  ASSERT (match != '\0');

+  while (*str)

+    {

+      if (*str == match)

+	*str = replace;

+      else

+	break;

+      ++str;

+    }

+}

+

 #ifdef CHARACTER_CLASS_DEBUG

 #define CC_INCLUDE    (CC_PRINT)

@@ -615,6 +615,8 @@ const char *string_mod_const (const char *str,

 			      const char replace,

 			      struct gc_arena *gc);

+void string_replace_leading (char *str, const char match, const char replace);

+

 #ifdef CHARACTER_CLASS_DEBUG

 void character_class_debug (void);

 #endif

@@ -554,6 +554,9 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)

   /* enforce character class restrictions in X509 name */

   string_mod (subject, X509_NAME_CHAR_CLASS, 0, '_');

+  string_replace_leading (subject, '-', '_');

+

+  msg (M_INFO, "X509: '%s'", subject); // JYFIXME

   /* extract the common name */

 #ifdef USE_OLD_EXTRACT_X509_FIELD