diff --git a/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp b/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp
index f69b995de57d..3128a5101662 100644
--- a/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp
+++ b/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp
@@ -69,8 +69,6 @@ TVector> X509CertificateReader::ReadAllSubjectTerms(
 int entryCount = X509_NAME_entry_count(name);
 subjectTerms.reserve(entryCount);
- char buf[1024];
- static const int bufLen = sizeof(buf);
 for (int i = 0; i < entryCount; i++) {
 const X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, i);
 if (!entry) {
@@ -80,17 +78,14 @@ TVector> X509CertificateReader::ReadAllSubjectTerms(
 if (!data) {
 continue;
 }
- int dataLen = (data->length > (bufLen - 1)) ? (bufLen - 1) : data->length;
- memcpy(buf, data->data, dataLen);
- buf[dataLen] = '\0';
 const ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry);
 if (!object) {
 continue;
 }
- int nid = OBJ_obj2nid(object);
+ const int nid = OBJ_obj2nid(object);
 const char* sn = OBJ_nid2sn(nid);
- subjectTerms.push_back(std::make_pair(TString(sn, std::strlen(sn)), TString(buf, std::strlen(buf))));
+ subjectTerms.push_back(std::make_pair(TString(sn, std::strlen(sn)), TString(reinterpret_cast(data->data), data->length)));
 }
 return subjectTerms;
 }
diff --git a/ydb/core/security/ticket_parser_impl.h b/ydb/core/security/ticket_parser_impl.h
index 20cf3763a3e9..9c164b6afcb1 100644
--- a/ydb/core/security/ticket_parser_impl.h
+++ b/ydb/core/security/ticket_parser_impl.h
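Review bot: In dynamic_node_auth_processor.cpp, hunk `@@ -80,17 +78,14 @@`, the new `TString(reinterpret_cast(data->data), data->length)` copies the subject value's raw ASN.1 bytes with no validation. Embedded NUL or control bytes and arbitrarily long values now reach callers, where the old `buf[1024]` copy plus `strlen` silently cut them off. Dropping the truncation is the right direction for identity matching, but the function should then fail closed on such input, for example `if (data->length < 0 || std::memchr(data->data, '\0', data->length)) { return {}; }` before the `push_back`; the caller in ticket_parser_impl.h in this diff would presumably report that through its `dn.empty()` error path. The ASN.1 string type is not checked in the visible lines, so the bytes are not necessarily UTF-8, and `ASN1_STRING_to_UTF8` would normalise them if the DN is compared as text. The function body starts before the hunk, so where `data` is obtained is not visible here.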
@@ -661,11 +661,10 @@ class TTicketParserImpl : public TActorBootstrapped {
 if (record.TokenType != TDerived::ETokenType::Certificate) {
 return false;
 }
- const static TString error = "Cannot create token from certificate. Cannot extract subject from certificate";
 CounterTicketsCertificate->Inc();
 X509CertificateReader::X509Ptr x509cert = X509CertificateReader::ReadCertAsPEM(record.Certificate);
 if (!x509cert) {
- SetError(key, record, { .Message = error, .Retryable = false });
+ SetError(key, record, { .Message = "Cannot create token from certificate. Cannot read certificate", .Retryable = false });
 return false;
 }
 TStringBuilder dn;
@@ -673,7 +672,7 @@ class TTicketParserImpl : public TActorBootstrapped {
 dn << attribute << "=" << value << ",";
 }
 if (dn.empty()) {
- SetError(key, record, { .Message = error, .Retryable = false });
+ SetError(key, record, { .Message = "Cannot create token from certificate. Cannot extract subject from certificate", .Retryable = false });
 return false;
 }
 dn.remove(dn.size() - 1);
@@ -1547,8 +1546,7 @@ class TTicketParserImpl : public TActorBootstrapped {
 } else {
 return TDerived::ETokenType::Unsupported;
 }
- }
- if (tokenType == "ApiKey") {
+ } else if (tokenType == "ApiKey") {
 if (ApiKeyEnabled()) {
 return TDerived::ETokenType::ApiKey;
 } else {
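Review bot: In the `@@ -673,7 +672,7 @@` hunk, `dn << attribute << "=" << value << ",";` joins subject terms without escaping, and after this commit's change to `ReadAllSubjectTerms` the values are the certificate's raw, untruncated bytes. A value that itself contains `,` or `=` produces a DN string that cannot be told apart from one with additional components, which matters if the DN is later matched or parsed as text. I would escape the RFC 4514 special characters, or reject such values through the existing `SetError` path, and add a comment such as `// value is raw subject bytes from the certificate: escape ',', '=', '+' and control bytes before joining`. The loop header sits between the hunks and is not visible, so this assumes `attribute` and `value` come from `ReadAllSubjectTerms`.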