Index: generic/tls.c
==================================================================
--- generic/tls.c
+++ generic/tls.c
@@ -1412,27 +1412,18 @@
 	}
     } else {
 	objPtr = Tcl_NewListObj(0, NULL);
     }
 
-    Tcl_ListObjAppendElement (interp, objPtr,
-	    Tcl_NewStringObj ("sbits", -1));
-    Tcl_ListObjAppendElement (interp, objPtr,
-	    Tcl_NewIntObj (SSL_get_cipher_bits (statePtr->ssl, NULL)));
+    LAPPEND_INT(interp, objPtr, "sbits", SSL_get_cipher_bits(statePtr->ssl, NULL));
 
     ciphers = (char*)SSL_get_cipher(statePtr->ssl);
     if (ciphers != NULL && strcmp(ciphers, "(NONE)")!=0) {
-	Tcl_ListObjAppendElement(interp, objPtr,
-		Tcl_NewStringObj("cipher", -1));
-	Tcl_ListObjAppendElement(interp, objPtr,
-		Tcl_NewStringObj(SSL_get_cipher(statePtr->ssl), -1));
+	LAPPEND_STR(interp, objPtr, "cipher", ciphers, -1);
     }
 
-    Tcl_ListObjAppendElement(interp, objPtr,
-	Tcl_NewStringObj("version", -1));
-    Tcl_ListObjAppendElement(interp, objPtr,
-	Tcl_NewStringObj(SSL_get_version(statePtr->ssl), -1));
+    LAPPEND_STR(interp, objPtr, "version", SSL_get_version(statePtr->ssl), -1);
 
     Tcl_SetObjResult(interp, objPtr);
     return TCL_OK;
 }
 
@@ -1538,13 +1529,10 @@
 		for (i=0; i<listc; i+=2) {
 		    str=Tcl_GetString(listv[i]);
 		    if (strcmp(str,"days")==0) {
 			if (Tcl_GetIntFromObj(interp,listv[i+1],&days)!=TCL_OK)
 			    return TCL_ERROR;
-		    } else if (strcmp(str,"serial")==0) {
-			if (Tcl_GetIntFromObj(interp,listv[i+1],&serial)!=TCL_OK)
-			    return TCL_ERROR;
 		    } else if (strcmp(str,"serial")==0) {
 			if (Tcl_GetIntFromObj(interp,listv[i+1],&serial)!=TCL_OK)
 			    return TCL_ERROR;
 		    } else if (strcmp(str,"C")==0) {
 			k_C=Tcl_GetString(listv[i+1]);
@@ -1725,11 +1713,11 @@
  *	by Tcl when this package is to be added to an interpreter.
  *
  * Results:  Ssl configured and loaded
  *
  * Side effects:
- *	 create the ssl command, initialise ssl context
+ *	 create the ssl command, initialize ssl context
  *
  *-------------------------------------------------------------------
  */
 
 #ifndef STRINGIFY

Index: generic/tlsX509.c
==================================================================
--- generic/tlsX509.c
+++ generic/tlsX509.c
@@ -1,10 +1,14 @@
 /*
  * Copyright (C) 1997-2000 Sensus Consulting Ltd.
  * Matt Newman <matt@sensus.org>
+ * Copyright (C) 2023 Brian O'Hagan
  */
 #include "tlsInt.h"
+
+/* Define maximum certificate size. Max PEM size 100kB and DER size is 24kB. */
+#define CERT_STR_SIZE 32768
 
 /*
  *  Ensure these are not macros - known to be defined on Win32
  */
 #ifdef min
@@ -33,35 +37,35 @@
 {
     static char bp[128];
     char *v;
     int gmt=0;
     static char *mon[12]={
-        "Jan","Feb","Mar","Apr","May","Jun",
-        "Jul","Aug","Sep","Oct","Nov","Dec"};
+	"Jan","Feb","Mar","Apr","May","Jun",
+	"Jul","Aug","Sep","Oct","Nov","Dec"};
     int i;
     int y=0,M=0,d=0,h=0,m=0,s=0;
 
     i=tm->length;
     v=(char *)tm->data;
 
     if (i < 10) goto err;
     if (v[i-1] == 'Z') gmt=1;
     for (i=0; i<10; i++)
-        if ((v[i] > '9') || (v[i] < '0')) goto err;
+	if ((v[i] > '9') || (v[i] < '0')) goto err;
     y= (v[0]-'0')*10+(v[1]-'0');
     if (y < 70) y+=100;
     M= (v[2]-'0')*10+(v[3]-'0');
     if ((M > 12) || (M < 1)) goto err;
     d= (v[4]-'0')*10+(v[5]-'0');
     h= (v[6]-'0')*10+(v[7]-'0');
     m=  (v[8]-'0')*10+(v[9]-'0');
     if (	(v[10] >= '0') && (v[10] <= '9') &&
 		(v[11] >= '0') && (v[11] <= '9'))
-        s=  (v[10]-'0')*10+(v[11]-'0');
+	s=  (v[10]-'0')*10+(v[11]-'0');
 
     sprintf(bp,"%s %2d %02d:%02d:%02d %d%s",
-                   mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"");
+		   mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"");
     return bp;
  err:
     return "Bad time value";
 }
 
@@ -72,28 +76,26 @@
  *
  *	------------------------------------------------*
  *	Converts a X509 certificate into a Tcl_Obj
  *	------------------------------------------------*
  *
- *	Sideeffects:
+ *	Side effects:
  *		None
  *
  *	Result:
  *		A Tcl List Object representing the provided
  *		X509 certificate.
  *
  *------------------------------------------------------*
  */
 
-#define CERT_STR_SIZE 16384
-
 Tcl_Obj*
-Tls_NewX509Obj( interp, cert)
-    Tcl_Interp *interp;
-    X509 *cert;
+Tls_NewX509Obj(
+    Tcl_Interp *interp,
+    X509 *cert)
 {
-    Tcl_Obj *certPtr = Tcl_NewListObj( 0, NULL);
+    Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL);
     BIO *bio;
     int n;
     unsigned long flags;
     char subject[BUFSIZ];
     char issuer[BUFSIZ];
@@ -136,30 +138,30 @@
 	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
 	n = max(n, 0);
 	serial[n] = 0;
 	(void)BIO_flush(bio);
 
-        if (PEM_write_bio_X509(bio, cert)) {
-            certStr_p = certStr;
-            certStr_len = 0;
-            while (1) {
-                toRead = min(BIO_pending(bio), CERT_STR_SIZE - certStr_len - 1);
-                toRead = min(toRead, BUFSIZ);
-                if (toRead == 0) {
-                    break;
-                }
-                dprintf("Reading %i bytes from the certificate...", toRead);
-                n = BIO_read(bio, certStr_p, toRead);
-                if (n <= 0) {
-                    break;
-                }
-                certStr_len += n;
-                certStr_p   += n;
-            }
-            *certStr_p = '\0';
-            (void)BIO_flush(bio);
-        }
+	if (PEM_write_bio_X509(bio, cert)) {
+	    certStr_p = certStr;
+	    certStr_len = 0;
+	    while (1) {
+		toRead = min(BIO_pending(bio), CERT_STR_SIZE - certStr_len - 1);
+		toRead = min(toRead, BUFSIZ);
+		if (toRead == 0) {
+		    break;
+		}
+		dprintf("Reading %i bytes from the certificate...", toRead);
+		n = BIO_read(bio, certStr_p, toRead);
+		if (n <= 0) {
+		    break;
+		}
+		certStr_len += n;
+		certStr_p   += n;
+	    }
+	    *certStr_p = '\0';
+	    (void)BIO_flush(bio);
+	}
 
 	BIO_free(bio);
     }
 
     strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
@@ -166,44 +168,25 @@
     strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));
 
 #ifndef NO_SSL_SHA
     X509_digest(cert, EVP_sha1(), sha_hash_binary, NULL);
     for (shai = 0; shai < SHA_DIGEST_LENGTH; shai++) {
-        sha_hash_ascii[shai * 2]     = shachars[(sha_hash_binary[shai] & 0xF0) >> 4];
-        sha_hash_ascii[shai * 2 + 1] = shachars[(sha_hash_binary[shai] & 0x0F)];
+	sha_hash_ascii[shai * 2]     = shachars[(sha_hash_binary[shai] & 0xF0) >> 4];
+	sha_hash_ascii[shai * 2 + 1] = shachars[(sha_hash_binary[shai] & 0x0F)];
     }
-    Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj("sha1_hash", -1) );
-    Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj(sha_hash_ascii, SHA_DIGEST_LENGTH * 2) );
+    LAPPEND_STR(interp, certPtr, "sha1_hash", sha_hash_ascii, SHA_DIGEST_LENGTH * 2);
 
 #endif
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( "subject", -1) );
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( subject, -1) );
-
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( "issuer", -1) );
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( issuer, -1) );
-
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( "notBefore", -1) );
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( notBefore, -1) );
-
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( "notAfter", -1) );
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( notAfter, -1) );
-
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( "serial", -1) );
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( serial, -1) );
-
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( "certificate", -1) );
-    Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewStringObj( certStr, -1) );
+    LAPPEND_STR(interp, certPtr, "subject", subject, -1);
+
+    LAPPEND_STR(interp, certPtr, "issuer", issuer, -1);
+
+    LAPPEND_STR(interp, certPtr, "notBefore", notBefore, -1);
+
+    LAPPEND_STR(interp, certPtr, "notAfter", notAfter, -1);
+
+    LAPPEND_STR(interp, certPtr, "serial", serial, -1);
+
+    LAPPEND_STR(interp, certPtr, "certificate", certStr, -1);
 
     return certPtr;
 }