If pinned certificates are supported and present in the TOE, they adversely affect the ability to perform the CN/SAN checking in FCS_TLSC_EXT.1.2 Tests 1-6.

The sentence under Tests that precedes Test 1 is modified as follows, with underlines indicating additions:

The evaluator shall configure the reference identifier according to the AGD guidance and perform the following tests during a TLS connection.  If the TOE supports certificate pinning, all pinned certificates must be removed before performing Tests 1 through 6. A pinned certificate must be added prior to performing Test 7.

See issue description.