diff --git a/src/pkg-tls.c b/src/pkg-tls.c index 9195b60..0167664 100644 --- a/src/pkg-tls.c +++ b/src/pkg-tls.c @@ -106,28 +106,11 @@ set_dhe1024 (void) int i; DSA *dsaparams; DH *dhparams; - const char *seed[] = { ";-) :-( :-) :-( ", - ";-) :-( :-) :-( ", - "Random String no. 12", - ";-) :-( :-) :-( ", - "hackers have even mo", /* from jargon file */ - }; - unsigned char seedbuf[20]; if (dhe1024 != NULL) return MY_TRUE; - RAND_bytes((unsigned char *) &i, sizeof i); - - /* Make sure that i is non-negative - pick one of the provided seeds */ - if (i < 0) - i = -1; - if (i < 0) /* happens if i == MININT */ - i = 0; - - i %= sizeof seed / sizeof seed[0]; - memcpy(seedbuf, seed[i], 20); - dsaparams = DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL); + dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL); if (dsaparams == NULL) return MY_FALSE; @@ -1125,7 +1108,8 @@ f_tls_check_certificate(svalue_t *sp) if (peer != NULL) { int i, j, len; - char buf[256]; + // used by OBJ_obj2txt - anything larger than 4096 bytes will be trimmed + char buf[4096]; vector_t *extra = NULL; v = allocate_array(2 + more); @@ -1150,13 +1134,15 @@ f_tls_check_certificate(svalue_t *sp) ob = X509_NAME_ENTRY_get_object(entry); len = OBJ_obj2txt(buf, sizeof buf, ob, 1); + if (len > sizeof buf) len = sizeof buf; put_c_n_string(&(extra->item[3 * i]), buf, len); len = OBJ_obj2txt(buf, sizeof buf, ob, 0); put_c_n_string(&(extra->item[3 * i + 1]), buf, len); - put_c_string(&(extra->item[3 * i + 2]) - , (char *)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry))); + put_c_n_string(&(extra->item[3 * i + 2]), + (char *)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), + ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); } put_array(&(v->item[1]), extra); 
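Review bot: With the seeded selection removed, `int i` near the top of set_dhe1024 has no remaining use within the hunk; unless it is still referenced further down (the function body continues past the hunk), it should be deleted so this change does not introduce an unused-variable warning. The surviving call `DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL)` is the API that OpenSSL deprecated in 0.9.8 in favour of `DSA_generate_parameters_ex()`, which works on a `DSA_new()` object and reports failure by return code; switching while this line is being rewritten avoids a second visit when the deprecated entry point disappears. A short comment on the new line, such as `/* NULL seed: OpenSSL seeds from its CSPRNG, so the group is no longer drawn from a handful of fixed values */`, would record why the seed table went away, since the removed lines are the only explanation of the old behaviour.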
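Review bot: The new comment above `char buf[4096]` uses `//` while the rest of the file (the `/* from jargon file */` and `/* extension name */` comments in neighbouring hunks) uses `/* */`; a `/* */` comment keeps the style uniform and stays valid when the file is compiled in C89 mode. The wording is also slightly misleading: OBJ_obj2txt never writes more than `sizeof buf - 1` characters plus a NUL into the buffer, but it still returns the untruncated length, so the trimming is done by the callers' clamp on `len`, not by the buffer size. I would phrase it `/* OBJ_obj2txt output; the call returns the full length even when it truncates to sizeof buf - 1 chars, so callers must clamp len */`.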
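Review bot: Only the first OBJ_obj2txt call in the name-entry loop is clamped; the following `len = OBJ_obj2txt(buf, sizeof buf, ob, 0);` still hands an unclamped `len` to put_c_n_string, so an OID whose textual form exceeds 4096 characters makes put_c_n_string read past the end of `buf`, which is exactly the over-read the new clamp was meant to close. Add the same guard after that call, as the next hunk does for both of its calls. The clamp itself is off by one: on truncation OBJ_obj2txt writes at most `sizeof buf - 1` characters followed by a NUL, so `len = sizeof buf` copies the terminator into the resulting string; `if (len >= (int)sizeof buf) len = sizeof buf - 1;` after each call is the exact bound. The enclosing loop and f_tls_check_certificate begin before this hunk.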
@@ -1182,10 +1168,12 @@ f_tls_check_certificate(svalue_t *sp) break; } /* extension name */ - len = OBJ_obj2txt(buf, sizeof buf, ext->object, 1), + len = OBJ_obj2txt(buf, sizeof buf, ext->object, 1); + if (len > sizeof buf) len = sizeof buf; put_c_n_string(&(extensions->item[3 * i]), (char *)buf, len); - len = OBJ_obj2txt(buf, sizeof buf, ext->object, 0), + len = OBJ_obj2txt(buf, sizeof buf, ext->object, 0); + if (len > sizeof buf) len = sizeof buf; put_c_n_string(&(extensions->item[3 * i + 1]), (char *)buf, len); /* extension values */ 
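Review bot: In `if (len > sizeof buf) len = sizeof buf;` the comparison is between a signed `int` and a `size_t`, so a negative `len` is converted to a huge unsigned value, passes the test and is rewritten to 4096; in OpenSSL releases where OBJ_obj2txt returns -1 on failure (at least 1.0.x and 1.1.x do), an error therefore becomes a 4096-byte copy of stale buffer contents into the extension name. Handle the negative case explicitly, e.g. `if (len < 0) len = 0; else if (len >= (int)sizeof buf) len = sizeof buf - 1;`, which also avoids copying the terminating NUL that OBJ_obj2txt places at `buf[sizeof buf - 1]` on truncation. The same two-line guard is pasted twice in this hunk and more times in the following one, so a small `static int obj2txt_clamped(char *buf, size_t n, ASN1_OBJECT *o, int no_name)` helper would keep the bound in one place. The enclosing loop over extensions starts before the hunk and continues after it.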
@@ -1208,34 +1196,39 @@ f_tls_check_certificate(svalue_t *sp) case GEN_OTHERNAME: value = ext_val->d.otherName->value->value.asn1_string; - len = OBJ_obj2txt(buf, sizeof buf, ext_val->d.otherName->type_id, 1), + len = OBJ_obj2txt(buf, sizeof buf, ext_val->d.otherName->type_id, 1); + if (len > sizeof buf) len = sizeof buf; put_c_n_string(&(extension->item[3 * iter]), buf, len); - len = OBJ_obj2txt(buf, sizeof buf, ext_val->d.otherName->type_id, 0), + len = OBJ_obj2txt(buf, sizeof buf, ext_val->d.otherName->type_id, 0); + if (len > sizeof buf) len = sizeof buf; put_c_n_string(&(extension->item[3 * iter + 1]), buf, len); - put_c_string(&(extension->item[3 * iter + 2]) - , (char*)ASN1_STRING_data(value)); + put_c_n_string(&(extension->item[3 * iter + 2]), + (char*)ASN1_STRING_data(value), + ASN1_STRING_length(value)); break; case GEN_DNS: value = ext_val->d.dNSName; put_c_n_string(&(extension->item[3 * iter]), "dNSName", 7); put_c_n_string(&(extension->item[3 * iter + 1]), "dNSName", 7); - put_c_string(&(extension->item[3 * iter + 2]) - , (char*)ASN1_STRING_data(value)); - + put_c_n_string(&(extension->item[3 * iter + 2]), + (char*)ASN1_STRING_data(value), + ASN1_STRING_length(value)); break; case GEN_EMAIL: value = ext_val->d.rfc822Name; put_c_n_string(&(extension->item[3 * iter]), "rfc822Name", 10); put_c_n_string(&(extension->item[3 * iter + 1]), "rfc822Name", 10); - put_c_string(&(extension->item[3 * iter + 2]) - , (char*)ASN1_STRING_data(value)); + put_c_n_string(&(extension->item[3 * iter + 2]), + (char*)ASN1_STRING_data(value), + ASN1_STRING_length(value)); break; case GEN_URI: value = ext_val->d.uniformResourceIdentifier; put_c_n_string(&(extension->item[3 * iter]), "uniformResourceIdentifier", 25); put_c_n_string(&(extension->item[3 * iter + 1]), "uniformResourceIdentifier", 25); - put_c_string(&(extension->item[3 * iter + 2]) - , (char*)ASN1_STRING_data(value)); + put_c_n_string(&(extension->item[3 * iter + 2]), + (char*)ASN1_STRING_data(value), + 
ASN1_STRING_length(value)); break; /* TODO: the following are unimplemented