1 diff -up gnutls-1.4.1/lib/x509/verify.c.chain-verify gnutls-1.4.1/lib/x509/verify.c
2 --- gnutls-1.4.1/lib/x509/verify.c.chain-verify 2008-11-11 10:55:19.000000000 +0100
3 +++ gnutls-1.4.1/lib/x509/verify.c 2008-11-11 10:58:54.000000000 +0100
4 @@ -379,6 +379,17 @@ _gnutls_x509_verify_certificate (const g
6 unsigned int status = 0, output;
8 + /* Check if the last certificate in the path is self signed.
9 + * In that case ignore it (a certificate is trusted only if it
10 + * leads to a trusted party by us, not the server's).
12 + if (clist_size > 1 &&
13 + gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
14 + certificate_list[clist_size - 1]) > 0)
19 /* Verify the last certificate in the certificate path
20 * against the trusted CA certificate list.
22 @@ -417,17 +428,6 @@ _gnutls_x509_verify_certificate (const g
26 - /* Check if the last certificate in the path is self signed.
27 - * In that case ignore it (a certificate is trusted only if it
28 - * leads to a trusted party by us, not the server's).
30 - if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
31 - certificate_list[clist_size - 1]) > 0
37 /* Verify the certificate path (chain)
39 for (i = clist_size - 1; i > 0; i--)