diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 17d3aa7eb..84ea1358e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6712,6 +6712,14 @@ static int SetName(byte* output, word32 outputSz, CertName* name)
             int thisLen = strLen;
             int firstSz, secondSz, seqSz, setSz;
 
+            /* Restrict country code size */
+            if (i == 0) {
+                if (strLen >= CTC_COUNTRY_SIZE)
+                    strLen = CTC_COUNTRY_SIZE;
+                else
+                    strLen = 0;
+            }
+
             if (strLen == 0) { /* no user data for this item */
                 names[i].used = 0;
                 continue;
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 0e719ddb2..83140e674 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -77,6 +77,7 @@ enum Ctc_Encoding {
 };
 
 enum Ctc_Misc {
+    CTC_COUNTRY_SIZE  =     2,
     CTC_NAME_SIZE     =    64,
     CTC_DATE_SIZE     =    32,
     CTC_MAX_ALT_SIZE  = 16384,   /* may be huge */