diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 54dac166b..2d99d18e6 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -85,7 +85,7 @@
 /* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
 #define MBEDTLS_X509_BADCERT_EXPIRED             0x01  /**< The certificate validity has expired. */
 #define MBEDTLS_X509_BADCERT_REVOKED             0x02  /**< The certificate has been revoked (is on a CRL). */
-#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  /**< The certificate Common Name (CN) does not match with the expected CN. */
+#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  /**< The certificate Common Name (CN) or subjectAltName (SAN) does not match with the expected name. */
 #define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08  /**< The certificate is not correctly signed by the trusted CA. */
 #define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10  /**< The CRL is not correctly signed by the trusted CA. */
 #define MBEDTLS_X509_BADCRL_EXPIRED              0x20  /**< The CRL is expired. */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6dc5ad34f..9573438b0 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1470,7 +1470,7 @@ struct x509_crt_verify_string {
 static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
     { MBEDTLS_X509_BADCERT_EXPIRED,       "The certificate validity has expired" },
     { MBEDTLS_X509_BADCERT_REVOKED,       "The certificate has been revoked (is on a CRL)" },
-    { MBEDTLS_X509_BADCERT_CN_MISMATCH,   "The certificate Common Name (CN) does not match with the expected CN" },
+    { MBEDTLS_X509_BADCERT_CN_MISMATCH,   "The certificate Common Name (CN) or subjectAltName (SAN) does not match with the expected name" },
     { MBEDTLS_X509_BADCERT_NOT_TRUSTED,   "The certificate is not correctly signed by the trusted CA" },
     { MBEDTLS_X509_BADCRL_NOT_TRUSTED,    "The CRL is not correctly signed by the trusted CA" },
     { MBEDTLS_X509_BADCRL_EXPIRED,        "The CRL is expired" },