diff --git a/src/internal.c b/src/internal.c
index 0201261ef..6cb32e43c 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -1706,6 +1706,7 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
 #ifdef OPENSSL_EXTRA
         XMEMSET(&name->fullName, 0, sizeof(DecodedName));
         XMEMSET(&name->cnEntry,  0, sizeof(WOLFSSL_X509_NAME_ENTRY));
+        name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/
         name->x509 = NULL;
 #endif /* OPENSSL_EXTRA */
     }
diff --git a/src/ssl.c b/src/ssl.c
index 84aba0757..ce35375c3 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10312,7 +10312,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
                                                     WOLFSSL_X509_NAME_ENTRY* in)
     {
         WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");
-        return &in->value;
+        return in->value;
     }
 
 
@@ -17226,9 +17226,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         /* common name index case */
         if (loc == name->fullName.cnIdx) {
             /* get CN shortcut from x509 since it has null terminator */
-            name->cnEntry.value.data   = name->x509->subjectCN;
-            name->cnEntry.value.length = name->fullName.cnLen;
-            name->cnEntry.value.type   = ASN_COMMON_NAME;
+            name->cnEntry.data.data   = name->x509->subjectCN;
+            name->cnEntry.data.length = name->fullName.cnLen;
+            name->cnEntry.data.type   = ASN_COMMON_NAME;
             name->cnEntry.set  = 1;
             return &(name->cnEntry);
         }
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 1de9c874f..ed05d313e 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -45,9 +45,6 @@
 #endif
 #ifndef NO_ASN
     #include <wolfssl/wolfcrypt/asn.h>
-    #ifdef OPENSSL_EXTRA
-    #include <wolfssl/openssl/asn1.h> /* for asn1 string and bit struct */
-    #endif
 #endif
 #ifndef NO_MD5
     #include <wolfssl/wolfcrypt/md5.h>
@@ -2442,16 +2439,6 @@ typedef struct Arrays {
 #define MAX_DATE_SZ 32
 #endif
 
-#ifdef OPENSSL_EXTRA
-struct WOLFSSL_X509_NAME_ENTRY {
-    WOLFSSL_ASN1_OBJECT* object; /* not defined yet */
-    WOLFSSL_ASN1_STRING value;
-    int set;
-    int size;
-};
-#endif /* OPENSSL_EXTRA */
-
-
 struct WOLFSSL_X509_NAME {
     char  *name;
     char  staticName[ASN_NAME_MAX];
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 54ab02125..ceea78c31 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1650,6 +1650,16 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
 #endif /* WOLFSSL_MYSQL_COMPATIBLE */
 
 #ifdef OPENSSL_EXTRA /*lighttp compatibility */
+
+#include <wolfssl/openssl/asn1.h>
+struct WOLFSSL_X509_NAME_ENTRY {
+    WOLFSSL_ASN1_OBJECT* object; /* not defined yet */
+    WOLFSSL_ASN1_STRING  data;
+    WOLFSSL_ASN1_STRING* value;  /* points to data, for lighttpd port */
+    int set;
+    int size;
+};
+
 #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)
 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
 WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);