From 0ce3bd26cd99924734059aa465342696c18ab30f Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter@plexis.eu>
Date: Sat, 4 Feb 2012 20:30:27 +0100
Subject: [PATCH] Add some checking to usage 2

---
 swede | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/swede b/swede
index 60947eb..af8f560 100755
--- a/swede
+++ b/swede
@@ -504,7 +504,13 @@ if __name__ == '__main__':
 				elif record.usage == 2: # Usage 2, use the cert in the record as trust anchor
 					#FIXME: doesnt comply to the spec
 					matched = False
+					previous_issuer = None
 					for cert in chain:
+						if previous_issuer:
+							if not str(previous_issuer) == str(cert.get_subject()): # The chain cannot be valid
+								print "FAIL: Certificates don't chain"
+								break
+							previous_issuer = cert.get_issuer()
 						if verifyCertMatch(record, cert):
 							matched = True
 							continue
-- 
2.36.1