diff --git a/src/common/ssl.c b/src/common/ssl.c
index d036fb66..5d40d12b 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -113,8 +113,8 @@ ASN1_TIME_snprintf (char *buf, int buf_len, ASN1_TIME * tm)
 	buf[0] = 0;
 	if (expires != NULL)
 	{
-		memset (buf, 0, buf_len);
-		strncpy (buf, expires, 24);
+		/* expires is not \0 terminated */
+		safe_strcpy (buf, expires, MIN(24, buf_len));
 	}
 	BIO_free (inMem);
 }
@@ -176,17 +176,17 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
 
 	peer_pkey = X509_get_pubkey (peer_cert);
 
-	strncpy (cert_info->algorithm,
+	safe_strcpy (cert_info->algorithm,
 				(alg == NID_undef) ? "Unknown" : OBJ_nid2ln (alg),
 				sizeof (cert_info->algorithm));
 	cert_info->algorithm_bits = EVP_PKEY_bits (peer_pkey);
-	strncpy (cert_info->sign_algorithm,
+	safe_strcpy (cert_info->sign_algorithm,
 				(sign_alg == NID_undef) ? "Unknown" : OBJ_nid2ln (sign_alg),
 				sizeof (cert_info->sign_algorithm));
 	/* EVP_PKEY_bits(ca_pkey)); */
 	cert_info->sign_algorithm_bits = 0;
-	strncpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore));
-	strncpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter));
+	safe_strcpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore));
+	safe_strcpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter));
 
 	EVP_PKEY_free (peer_pkey);
 
@@ -215,9 +215,9 @@ _SSL_get_cipher_info (SSL * ssl)
 
 
 	c = SSL_get_current_cipher (ssl);
-	strncpy (chiper_info.version, SSL_CIPHER_get_version (c),
+	safe_strcpy (chiper_info.version, SSL_CIPHER_get_version (c),
 				sizeof (chiper_info.version));
-	strncpy (chiper_info.chiper, SSL_CIPHER_get_name (c),
+	safe_strcpy (chiper_info.chiper, SSL_CIPHER_get_name (c),
 				sizeof (chiper_info.chiper));
 	SSL_CIPHER_get_bits (c, &chiper_info.chiper_bits);