diff --git a/src/apps/relay/userdb.c b/src/apps/relay/userdb.c
index 9c1ca5600..82caacd16 100644
--- a/src/apps/relay/userdb.c
+++ b/src/apps/relay/userdb.c
@@ -434,10 +434,11 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
     {
         int token_len = stun_attr_get_len(sar);
         const u08bits* token_ptr = stun_attr_get_value(sar);
-	u08bits token[128];
-	memcpy(token, token_ptr, token_len);
-
-        if(token_len && 0==stun_check_message_certificate(token, token_len, &cert, secret_key, iv))
+        u08bits token[128];
+        memcpy(token, token_ptr, token_len);
+        token[token_len]=0;
+        int err = stun_check_message_certificate(token, token_len, &cert, secret_key, iv);
+        if(token_len && err == 0)
          {
              const char* password = cert.call_id;
              size_t sz = get_hmackey_size(SHATYPE_DEFAULT) * 2;
@@ -469,7 +470,7 @@ int get_user_key(int in_oauth, int *out_oauth, int *max_session_time, u08bits *u
          }
         else
         {
-            TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Incorrect token: user %s token: %s \n", usname, token);
+            TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Incorrect token: user %s token: %s Error: %d\n", usname, token, err);
             return -1;
         }
     }
diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c
index f29dcf900..4b581b832 100644
--- a/src/client/ns_turn_msg.c
+++ b/src/client/ns_turn_msg.c
@@ -109,6 +109,7 @@ int Base64Decode(const u08bits* b64message, unsigned char * output, int* output_
     bio = BIO_push(b64, bio);
     
     BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Do not use newlines to flush buffer
+   // char* test = (char*)(unsigned long)b64message;
     length = BIO_read(bio, buffer, strlen((char*)(unsigned long)b64message));
     if(length != decodeLen) //length should equal decodeLen, else something went horribly wrong
         return 0;
@@ -1948,13 +1949,13 @@ int stun_check_message_certificate(const u08bits *cert_encrypted, size_t cert_en
     decryptedtext_len = decrypt_aes_128((u08bits *)aes_128_token, aes_128_token_len, key, iv,
                                         decryptedtext);
     if(decryptedtext_len==0)
-        return -1;
+        return -2;
     
     /* Add a NULL terminator. We are expecting printable text */
     decryptedtext[decryptedtext_len] = 0;
     
     if(!parse_token((const char *)decryptedtext, cert))
-        return -1;
+        return -3;
     
     return 0;
 }