X-Git-Url: https://git.svenne.dk/?p=public%2Fdnssec-swede-utility.git;a=blobdiff_plain;f=swede;fp=swede;h=af8f56006f54120f42047f3945e6e1402121f2ad;hp=60947eb7d2a1d7e5cccf7488de1fe562dcb048a3;hb=0ce3bd26cd99924734059aa465342696c18ab30f;hpb=6accad05d1a1c9d7fe307208b67d274125d0bea5

diff --git a/swede b/swede
index 60947eb..af8f560 100755
--- a/swede
+++ b/swede
@@ -504,7 +504,13 @@ if __name__ == '__main__':
 				elif record.usage == 2: # Usage 2, use the cert in the record as trust anchor
 					#FIXME: doesnt comply to the spec
 					matched = False
+					previous_issuer = None
 					for cert in chain:
+						if previous_issuer:
+							if not str(previous_issuer) == str(cert.get_subject()): # The chain cannot be valid
+								print "FAIL: Certificates don't chain"
+								break
+							previous_issuer = cert.get_issuer()
 						if verifyCertMatch(record, cert):
 							matched = True
 							continue