diff --git a/ChangeLog.txt b/ChangeLog.txt
index 37db7409..e43277ec 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -7,6 +7,9 @@ Broker: prevent possible crash. This could occur only in extremely unlikely situations. See https://github.com/eclipse-mosquitto/mosquitto/issues/3389 Closes #3389.
+- Check return value of openssl ASN1_string_[get0_]data() functions for NULL.
+ This prevents a crash in case of incorrect certificate handling in openssl.
+ Closes #3390.
 2.0.22 - 2025-07-11
diff --git a/src/handle_connect.c b/src/handle_connect.c
index a441ba88..bb86c9aa 100644
--- a/src/handle_connect.c
+++ b/src/handle_connect.c
@@ -805,7 +805,7 @@ int handle__connect(struct mosquitto *context)
 #else
 new_username = (const char *) ASN1_STRING_get0_data(name_asn1);
 #endif
- if(mosquitto_validate_utf8(new_username, (int)strlen(new_username))){
+ if(!new_username || mosquitto_validate_utf8(new_username, (int)strlen(new_username))){
 if(context->protocol == mosq_p_mqtt5){
 send__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);
 }else{
diff --git a/src/security_default.c b/src/security_default.c
index f659ce4f..bab39f46 100644
--- a/src/security_default.c
+++ b/src/security_default.c
@@ -1200,10 +1200,17 @@ int mosquitto_security_apply_default(void)
 continue;
 }
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
- context->username = mosquitto__strdup((char *) ASN1_STRING_data(name_asn1));
+ const char *username = (const char *)ASN1_STRING_data(name_asn1);
 #else
- context->username = mosquitto__strdup((char *) ASN1_STRING_get0_data(name_asn1));
+ const char *username = (const char *)ASN1_STRING_get0_data(name_asn1);
 #endif
+ if(!username){
+ X509_free(client_cert);
+ client_cert = NULL;
+ security__disconnect_auth(context);
+ continue;
+ }
+ context->username = mosquitto__strdup(username);
 if(!context->username){
 X509_free(client_cert);
 client_cert = NULL;
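Review bot: The guarded condition in handle__connect still measures the certificate name with `strlen(new_username)`, but OpenSSL documents that the buffer returned by ASN1_STRING_data()/ASN1_STRING_get0_data() is not guaranteed to be NUL-terminated and may contain embedded NULs, so the length should come from the ASN1 object. Writing the check as `if(!new_username || mosquitto_validate_utf8(new_username, ASN1_STRING_length(name_asn1))){` validates the whole name rather than the prefix before the first NUL. Whether the function later compares that length with the copied username is not visible here, since handle__connect's body starts and ends outside the hunk. The same concern applies to `mosquitto__strdup(username)` in the src/security_default.c hunk, where a name with an embedded NUL would be stored as its truncated prefix unless a length comparison follows outside that hunk.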
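Review bot: The new `if(!username)` branch in mosquitto_security_apply_default disconnects the client without recording why, so from the broker's output this case cannot be told apart from the allocation failure handled by the `if(!context->username)` branch that follows. A one-line diagnostic before `security__disconnect_auth(context);` would separate the two, for example `log__printf(NULL, MOSQ_LOG_WARNING, "Client certificate name entry has no data, disconnecting client.");`, assuming the broker's logging helper is in scope in this file. As a smaller style point, the two `const char *username = ...` declarations could become one `const char *username;` before the `#if` with a plain assignment in each branch. The loop body this hunk sits in starts and ends outside the hunk.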