From 0e6239acb06bfc0f149df3a0761c3e3dd98e8ae5 Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Wed, 6 Feb 2013 15:44:01 +0000
Subject: [PATCH] Add a "suspicious intermediate" mark for future debugging.

---
 build/check_embedded.pl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/build/check_embedded.pl b/build/check_embedded.pl
index ad0cfa60..cbb141ce 100755
--- a/build/check_embedded.pl
+++ b/build/check_embedded.pl
@@ -48,6 +48,7 @@
 $issuerMark{'GlobalSign Primary Secure Server CA'} = 'i';
 $issuerMark{'GlobalSign ServerSign CA'} = 'i';
 $issuerMark{'Thawte Premium Server CA'} = '<'; # root directly signs; 1024 bit key
+#$issuerMark{'VeriSign International Server CA - Class 3'} = '?';
 
 # NOT from master.xml
 $issuerMark{'Cybertrust Educational CA'} = 'x'; # ex trust root
@@ -503,6 +504,9 @@ sub comment {
 			if ($mark eq '<') {
 				warning("issuer '$issuerCN' associated with a 1024-bit root, expiry $notAfter");
 			}
+			if ($mark eq '?') {
+				warning("issuer '$issuerCN' suspect; verify");
+			}
 		}
 
 		#