diff -up fetchmail-6.3.11/socket.c_old fetchmail-6.3.11/socket.c
--- fetchmail-6.3.11/socket.c_old	2009-08-18 11:56:15.000000000 +0200
+++ fetchmail-6.3.11/socket.c	2009-08-18 11:58:17.000000000 +0200
@@ -628,9 +628,10 @@ static int SSL_verify_callback( int ok_r
 				report(stdout, GT_("Unknown Issuer CommonName\n"));
 		}
 		if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
-			if (outlevel >= O_VERBOSE)
+			if (outlevel >= O_VERBOSE) {
 				report(stdout, GT_("Server CommonName: %s\n"), (tt = sdump(buf, i)));
-			xfree(tt);
+				xfree(tt);
+			}
 			if ((size_t)i >= sizeof(buf) - 1) {
 				/* Possible truncation. In this case, this is a DNS name, so this
 				 * is really bad. We do not tolerate this even in the non-strict case. */