optimized self-signed certificate detection

diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 09bc3e0..6a0be36 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -953,15 +953,15 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer,
                {
                        return FALSE;
                }
-               if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
-               {
-                       return FALSE;
-               }
                if (!(x509->get_flags(x509) & X509_CA))
                {
                        return FALSE;
                }
        }
+       if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
+       {
+               return FALSE;
+       }
        if (!sigcheck)
        {
                return TRUE;
@@ -1208,9 +1208,8 @@ static private_x509_cert_t *load(chunk_t chunk)
                return NULL;
        }
        
-       /* check if the certificate self-signed */
-       if (this->subject->equals(this->subject, this->issuer) &&
-               issued_by(this, &this->public.interface.interface, TRUE))
+       /* check if the certificate is self-signed */
+       if (issued_by(this, &this->public.interface.interface, TRUE))
        {
                this->flags |= X509_SELF_SIGNED;
        }