+++ /dev/null
-diff -up gnutls-1.4.1/lib/x509/verify.c.chain-verify gnutls-1.4.1/lib/x509/verify.c
---- gnutls-1.4.1/lib/x509/verify.c.chain-verify 2008-11-11 10:55:19.000000000 +0100
-+++ gnutls-1.4.1/lib/x509/verify.c 2008-11-11 10:58:54.000000000 +0100
-@@ -379,6 +379,17 @@ _gnutls_x509_verify_certificate (const g
- int i = 0, ret;
- unsigned int status = 0, output;
-
-+ /* Check if the last certificate in the path is self signed.
-+ * In that case ignore it (a certificate is trusted only if it
-+ * leads to a trusted party by us, not the server's).
-+ */
-+ if (clist_size > 1 &&
-+ gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
-+ certificate_list[clist_size - 1]) > 0)
-+ {
-+ clist_size--;
-+ }
-+
- /* Verify the last certificate in the certificate path
- * against the trusted CA certificate list.
- *
-@@ -417,17 +428,6 @@ _gnutls_x509_verify_certificate (const g
- }
- #endif
-
-- /* Check if the last certificate in the path is self signed.
-- * In that case ignore it (a certificate is trusted only if it
-- * leads to a trusted party by us, not the server's).
-- */
-- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
-- certificate_list[clist_size - 1]) > 0
-- && clist_size > 0)
-- {
-- clist_size--;
-- }
--
- /* Verify the certificate path (chain)
- */
- for (i = clist_size - 1; i > 0; i--)