From 158447e03d6de6201b4cbb7244e406ea873fa3a3 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 9 Dec 2014 09:46:36 +0100
Subject: ssl: Remove selfsigned anchor certificate from the certificate chain

A selfsigned trusted anchor should not be in the certifcate chain passed to
the certificate path validation.

Conflicts:
	lib/ssl/src/ssl_certificate.erl
---
 lib/ssl/src/ssl_certificate.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/ssl/src/ssl_certificate.erl')

diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 9c0ed181fe..30d224fee2 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -282,7 +282,7 @@ other_issuer(OtpCert, CertDbHandle) ->
 handle_path({BinCert, OTPCert}, Path, PartialChainHandler) ->
     case public_key:pkix_is_self_signed(OTPCert) of
 	true ->
-	    {BinCert, Path};
+	    {BinCert, lists:delete(BinCert, Path)};
 	false ->
 	   handle_incomplete_chain(Path, PartialChainHandler)
     end.
-- 
cgit v1.2.3